Possible Duplicate: Best way to prevent SQL Injection in PHP I’m trying to insert

Question

0

Editorial Team

Asked: June 9, 20262026-06-09T10:13:34+00:00 2026-06-09T10:13:34+00:00

Possible Duplicate: Best way to prevent SQL Injection in PHP I’m trying to insert

0

Possible Duplicate:
Best way to prevent SQL Injection in PHP

I’m trying to insert user’s inputs into a database.
Is this pdo and hash secure enough:

$dbh = new PDO("mysql:host=hostName; dbname=dbName", "user", "pass");
if(isset($_POST['Submit']))
{
$user = $_POST['user'];
$pass = $_POST['pass'];
$salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
$hash = crypt($pass, '$2a$12$' . $salt);
$mail = $_POST['mail'];
$confirm_key=md5(uniqid(rand()));

$sth = $dbh->prepare("INSERT INTO members(user, pass, mail, confirm_key)
VALUES ('$user', '$hash', '$mail', '$confirm_key')");
$sth->execute();

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-09T10:13:36+00:00

Editorial Team

2026-06-09T10:13:36+00:00Added an answer on June 9, 2026 at 10:13 am

You are abusing the prepared statement, change your code to:

$stmt = $dbh->prepare("INSERT INTO members(user, pass, mail, confirm_key) VALUES (:user, :hash,:mail,:confirm)");
$stmt->bindParam(':user', $user);
$stmt->bindParam(':hash', $hash);
...

See here for more details.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Possible Duplicate: Best way to prevent SQL Injection in PHP I’m trying to insert

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply