I'm building a registration and log in form and I would like to hash my user passwords on registration and my main problem at this point is how to write the query to update the passwords when the user is signing his email and pass for the 1st time and I want to add mysqli_insert_id() to the query to follow the unique id's for each user.
so I have database named testdb with users inside.
my code is perfectly working until the moment when you have to query the password and update it.
First I'm hashing my passwords
$password = $_POST['password'];
$hashed_password = password_hash($password, PASSWORD_BCRYPT);
$query = "UPDATE `users` SET `password` = '$hashed_password' WHERE id = "
As you can see I have problem with my query which should update passwords in my DB.
I have this code written until this point so I need help to proceed my UPDATE query
if (array_key_exists("submit", $_POST) ) {
// connect to our db
$link = mysqli_connect("localhost", "root", "", "secretdi");
// check for connection
if ( mysqli_connect_error() ) {
die("Database Connection Error");
}
$error = "";
if ( !$_POST['email'] ) {
$error .= "An email address is required<br>";
}
if ( !$_POST['password'] ) {
$error .= "A password is required<br>";
}
if ( $error != "" ) {
$error = "<p>There were error(s) in your form:</p>".$error;
} else {
$query = "SELECT id FROM `users` WHERE `email` = '".mysqli_real_escape_string($link, $_POST['email'])."' LIMIT 1";
$results = mysqli_query($link, $query);
if ( mysqli_num_rows($results) > 0 ) {
$error = "That email address is taken.";
} else {
$query = "INSERT INTO `users` (`email`, `password`) VALUES('".mysqli_real_escape_string($link, $_POST['email'])."','".mysqli_real_escape_string($link, $_POST['password'])."') ";
if (!mysqli_query($link,$query)) {
$error = "<p>Could not sign you up - please try again later</p>";
} else {
$password = $_POST['password'];
$hashed_password = password_hash($password, PASSWORD_BCRYPT);
$query = "UPDATE `users` SET `password` = '$hashed_password' WHERE id = "
echo "Sign up successful";
}
}
}
