This is the code:
<html>
<body>
<?php
$valid = true;
//Check for first name value
if (empty($_POST['texts'])) {
echo 'You forgot to type something in<br />';
$valid = false;
}
if ($valid == true) {
$conn1 = mysqli_connect('xxx') or die('Error connecting to MySQL server.');
$name= $_POST['name'];
$title= sha1($_POST['title']);
$texts= $_POST['texts'];
$forum_id = $_POST['forum_id'];
$name = str_replace("'","''",$name);
$title = str_replace("'","''",$title);
$title = str_replace("b074acd521","STREAMER",$title);
$texts = str_replace("'","''",$texts);
$title = substr($title,0,8);
$sql = "INSERT INTO post (name,title, texts, forum_id) VALUES ('$name', '$title', '$texts', '$forum_id')";
mysqli_query($conn1, $sql) or die('Error inserting to database.');
mysqli_close($conn1);
header('Location: requests.php');
}
else {
echo 'Click <a href="javascript:history.go(-1)">HERE</a> to go back and adjust your entry.';
}
?>
</body>
</html>
When I make a post on the site and leave the id field empty it still generates an ID, how can I fix this? Also, if the name field is empty how can I make it default to a something?
Most (if not all) hashing algorithms will hash an empty string. If they didn’t, they wouldn’t really be “honest” hashes. The idea is that you shouldn’t be able to decipher the hash to the original input. For example, if the following:
and
used a hash algorithm that treated empty space as unhashable, then they would get the same hash, which would make it easier to crack.
If you don’t want empty strings to be hashed, you need to check the string before hashing it. Something like: