Password Method Issue

shruti · August 21, 2019, 5:26am

I have an old file for employee registration. In this php file I have a sql query as follows:

$result3 = mysqli_query("insert into emp_username_db values ('$remp_id', password('password'), '', '', now(), '$etgi', '')");
                            if (!$result3)
                                die('Invalid query3: ' . mysqli_error());

Can anybody help me know what is the format used for password creation? I mean the method password(‘password’). Trying to find out the method, please help me know it.

tp45 · August 21, 2019, 8:04am

You have to hash the password outside the query before inserting it
Something like

$password = $_POST['password'];
$hashedpassword = password_hash($password, PASSWORD_DEFAULT);
$result3 = mysqli_query("insert into emp_username_db(remp_id,password,datetime,etgi) values ('$remp_id', '$hashedpassword', '', '', now(), '$etgi', '')");

And you will use this function to verify passwords

if(password_verify($password, $hashedpassword)){
   //do anything here
}

shruti · August 21, 2019, 12:25pm

Thank you so very much for clearing my doubts.