Hello everybody,
I have a form on php to sign on a customer with name, dob, etc and a password to store in the DB.
The way I have thought would be more safe is to store details on one table and passwords in another table.
The DB has two tables, one customers and another called passwords.
i don’t know if its because the relation between tables that when i submit the form, the details are stored but not the passwords.
any suggestions of why are the passwords not stored?
I am not an expert in PHP, but I can recommend that you check your code and make sure that you add data to the password table.
I don’t see the point in storing passwords separately from other user data. To secure passwords, you can encrypt them using a hash function.
I tried to store the password in the same table with the columns psw and repeate-psw but it doesnt store it anyway.
that will be the code for the store it
sorry is a mix of languages
I will post the form as well
<?php
//Asigno a variables de php los valores que vienen del formulario
$email = $_POST["email_txt"];
$nombre = $_POST["nombre_txt"];
$surname = $_POST["surname_txt"];
$sexo = $_POST["sexo_rdo"];
$nacimiento = $_POST["nacimiento_txt"];
$telefono = $_POST["telefono_txt"];
$pais = $_POST["pais_slc"];
$psw = $_POST["psw"];
$psw_repeate = $POST["psw_repeat"];
// $encrypted_psw = openssl_encrypt($psw, 'AES-256-CBC', $psw_repeate);
//dependiendo el sexo ponemos una imagen predeterminada
$imagen_generica = ($sexo=="M")?"amigo.png":"amiga.png";
//verificamos que no exista previamente el email del usuario en la BD
include("conexion.php");
$consulta = "SELECT * FROM contactos WHERE email='$email'";
$ejecutar_consulta = $conexion->query($consulta);
$num_regs = $ejecutar_consulta->num_rows;
//Si $num_regs es igual a 0, insertamoslos datos en la tabla, sino mandamos un mensaje que diga que el usuario existe
if($num_regs == 0)
{
//Se ejecuta la funcion para subir la imagen
include("funciones.php");
$tipo = $_FILES["foto_fls"]["type"];
$archivo = $_FILES["foto_fls"]["tmp_name"];
$se_subio_imagen = subir_imagen($tipo,$archivo,$email);
//Si la foto en el formulario viene vacia, entonces le asigno el valor de la imagen genérica, sino entonces el nombre de la foto que se subio.
$imagen = empty($archivo)?$imagen_generica:$se_subio_imagen;
$consulta = "INSERT INTO contactos (email,nombre,surname,sexo,nacimiento,telefono,pais,imagen,psw,psw_repeate) VALUES ('$email','$nombre','$surname','$sexo','$nacimiento','$telefono','$pais','$imagen','$psw','$psw_repeate)";
$ejecutar_consulta = $conexion->query(($consulta));
// $consulta_psw = "INSERT INTO passwords (email,psw) VALUES ('$email','$psw')";
// $ejecutar_consulta = $conexion->query(($consulta));
if($ejecutar_consulta)
$mensaje = "Se ha dado de alta al contacto con el email <b>$email</b> :)";
else
$mensaje = "No se pudo dar de alta al contacto con el email <b>$email</b> :(";
}
else
{
$mensaje = "No se pudo dar de alta al contacto con el email <b>$email</b> por que ya existe :/";
}
$conexion->close();
header("Location: ../index.php?op=alta&mensaje=$mensaje");
?>
<form id="alta-contacto" name="alta_frm" action="php/agregar-contacto.php" method="post" enctype="multipart/form-data">
<fieldset>
<!-- <legend>Alta de Contacto</legend> -->
<legend>
<h1>Sign Up</h1>
<p>Please fill in this form to create an account.</p>
</legend>
<hr>
<div>
<label for="email">Email: </label>
<input type="email" id="email" class="cambio" name="email_txt" placeholder="Email" title="Tu email" required />
</div>
<div>
<label for="nombre">Name: </label>
<input type="text" id="nombre" class="cambio" name="nombre_txt" placeholder="Name" title="Tu nombre" required />
</div>
<div>
<label for="surname">Surname: </label>
<input type="text" id="surname" class="cambio" name="surname_txt" placeholder="Surname" title="Surname" required />
</div>
<div>
<label for="m">Sex: </label>
<input type="radio" id="m" name="sexo_rdo" title="Tu sexo" value="M" required /> <label for="m">Male</label>
<input type="radio" id="f" name="sexo_rdo" title="Tu sexo" value="F" required /> <label for="f">Femail</label>
<input type="radio" id="o" name="sexo_rdo" title="Tu sexo" value="O" required /> <label for="o">Prefer not to Say</label>
</div>
<div>
<label for="nacimiento">Birthday: </label>
<input type="date" id="nacimiento" class="cambio" name="nacimiento_txt" title="Tu cumple" required />
</div>
<div>
<label for="telefono">Phone: </label>
<input type="number" id="telefono" class="cambio" name="telefono_txt" placeholder="Phone Number" title="Tu teléfono" required />
</div>
<!-- /////////////////////////////// -->
<!-- <form action="/action_page.php" style="border:1px solid #ccc"> -->
<!-- <div class="container"> -->
<!-- <h1>Sign Up</h1>
<p>Please fill in this form to create an account.</p>
<hr> -->
<!-- <label for="email"><b>Email</b></label>
<input type="text" placeholder="Enter Email" name="email" required> -->
<!-- <div class="clearfix">
<button type="button" class="cancelbtn">Cancel</button>
</div> -->
<!-- </div> -->
<!-- </form> -->
<!-- ////////////////// -->
<div>
<label for="pais">Country: </label>
<select id="pais" class="cambio" name="pais_slc" required>
<option value="">- - -</option>
<?php include("select-pais.php"); ?>
</select>
</div>
<!-- As a part of the SQL statement (see above).
In the application code.
In a file on the same server.
In a file on a separate server.
In a separate table in the MySQL database. -->
<div>
<label for="psw"><b>Password</b></label>
<input type="password" class="cambio" id="psw" placeholder="Enter Password" name="your-psw" required>
<label for="psw_repeat"><b>Repeat Password</b></label>
<input type="text" class="cambio" id="psw_repeat" placeholder="Repeat Password" name="repeat psw" required>
<label>
<input type="checkbox" class="cambio" checked="checked" name="remember" style="margin-bottom:15px"> Remember me
</label>
<p>By creating an account you agree to our <a href="#" style="color:dodgerblue">Terms & Privacy</a>.</p>
</div>
<!-- end password form -->
<div>
<input type="submit" id="enviar-alta" class="cambio" name="enviar_btn" value="agregar" />
</div>
<div>
<input type="submit" id="cancel" class="cambio" name="cancel" value="cancel" />
<!-- <button type="button" class="cambio">Cancel</button> -->
</div>
<?php include("php/mensajes.php"); ?>
</fieldset>
</form>
There is a typo here
Also, the name of the fields in your form and the names you are using to get the data from the $_POST do not match. In the form, the name for password is “your-psw” and for repeat password it’s “repeat psw”, but in your code, you are trying to access them using “psw” and “psw_repeat”. You need to make sure that these match.
$psw = $_POST["your-psw"];
$psw_repeate = $_POST["repeat psw"];
Also, check the name attribute of the password fields in your HTML form and they need to match with the ones you are using in your PHP script.
<label for="psw"><b>Password</b></label>
<input type="password" class="cambio" id="psw" placeholder="Enter Password" name="your-psw" required>
<label for="psw_repeat"><b>Repeat Password</b></label>
<input type="password" class="cambio" id="psw_repeat" placeholder="Repeat Password" name="repeat psw" required>
Try do all this and see if it works.
2 Likes
Thank you WindLoter,
Just learning and learning.
Thank you.
3 Likes
Of course! We all had to start from somewhere!
Did it worked?
3 Likes
Hello again,
hi WindLother
at the moment something different happened, the fields psw and psw_repeate in the table xxx now says NULL, that didn’t happen before so, I think I’m in the right way, I think.
I suppose, because the type of field psw and psw_repeate are password it won’t show anything on the table, right 
?
<div>
<label for="psw"><b>Password</b></label>
<input type="password" class="cambio" id="psw" placeholder="Enter Password" name="psw" >
<label for="psw_repeate"><b>Repeat Password</b></label>
<input type="password" class="cambio" id="psw_repeate" placeholder="Repeat Password" name="psw_repeate">
<!-- <label>
<input type="checkbox" class="cambio" checked="checked" name="remember" style="margin-bottom:15px"> Remember me
</label> -->
<p>By creating an account you agree to our <a href="#" style="color:dodgerblue">Terms & Privacy</a>.</p>
</div>
$email = $_POST["email_txt"];
$nombre = $_POST["nombre_txt"];
$surname = $_POST["surname_txt"];
$sexo = $_POST["sexo_rdo"];
$nacimiento = $_POST["nacimiento_txt"];
$telefono = $_POST["telefono_txt"];
$pais = $_POST["pais_slc"];
$psw = $_POST["psw"];
$psw_repeat = $POST["psw_repeate"];
How is that…
There’s a typo here no?
I just change it, I thought I did change it before.
you already mention it.
Correcting the typo should prevent NULL values.
Just to clarify, the input type of ‘password’ in HTML doesn’t affect how data is stored in your database. It just obscures the entered text in the browser to maintain privacy. When this data is sent to the server, it is sent as plain text.
I corrected the typo and yes, now doesn’t say null in the DB.
which would be the best type of data in the database?
I put ‘psw VARCHAR(100)’
now when I submit the form the column ‘PSW’ of the DB is filled with the password i type in the form but not the ‘PSW_REPEATE’
I’m looking if I can see typo but nothing cant see.
do you know if Is there any tool for VS code to locate this kind of errors?
varchar(100) is already good enough.
VS Code have a lot of extensions that you can install which help you (like PHP Intelephense).
About the psw_repeate make sure that you’re not forgetting to actually fill in this field in your form. The code you provided seems to be nothing wrong with it, so if you still got the error is probably elsewhere in your code.
Gosh, I found the typo… did take 1 day of rest to locate the typo.
$email = $_POST["email_txt"];
$nombre = $_POST["nombre_txt"];
$surname = $_POST["surname_txt"];
$sexo = $_POST["sexo_rdo"];
$nacimiento = $_POST["nacimiento_txt"];
$telefono = $_POST["telefono_txt"];
$pais = $_POST["pais_slc"];
$psw = $_POST["psw"];
$psw_repeate = $POST["psw_repeate"];
is on $psw_repeate on the $_POST[“psw_repeate”];
can you see it… 
But… I told you here:
I though I did fix it before, so I didn’t paid more attention… 
I’m now with the confirmation password.
the passwords have to be the same in ‘psw’ and ‘psw_repeate’ and if not, show a text saying they are different.
I started with this
$email = $_POST["email_txt"];
$nombre = $_POST["nombre_txt"];
$surname = $_POST["surname_txt"];
$sexo = $_POST["sexo_rdo"];
$nacimiento = $_POST["nacimiento_txt"];
$telefono = $_POST["telefono_txt"];
$pais = $_POST["pais_slc"];
$psw = $_POST["psw"];
$psw_repeate = $_POST["psw_repeate"];
// $encrypted_psw = openssl_encrypt($psw, 'AES-256-CBC', $psw_repeate);
function psw_equal($psw, $psw_repeate)
{
return $psw === $psw_repeate;
}
if (psw_equal($psw, $psw_repeate)) {
$ejecutar_consulta;
} else {
echo "<br /><span class='mensaje'><h1>noooooo</h1></span><br />";
}
// if ($_POST["psw"] === $_POST["psw_repeate"]) {
// echo"<h1>passwords</h1>";
// } else {
// echo "<h1>the passwords have to be identical</h1>";
// }
I’m not sure if I’m in the right path.
any suggestions would be appreciated.
Ta
1 Like
You’re pretty much in the right track.
Only advise would be that you should be hashing passwords before storing them in your database using something like password_hash($psw, PASSWORD_DEFAULT).
(Only hashing, not encrypting)
2 Likes
It’s perfectly safe to store passwords and user data in the same table (for example, Discourse does that), just don’t send passwords to the client.
1 Like
Hello all,
I still don’t know why when I put two different passwords and submit, the passwords are stored in the DB.
in theory with this piece of code when I write a different password in the password fields, the submit should say. " The passwords have to be identical". am I right?
$psw = $_POST["psw"];
$psw_repeate = $_POST["psw_repeate"];
// $encrypted_psw = openssl_encrypt($psw, 'AES-256-CBC', $psw_repeate);
function psw_equal($psw, $psw_repeate)
{
return $psw === $psw_repeate;
}
if (psw_equal($psw, $psw_repeate)) {
$ejecutar_consulta;
} else {
echo "<br /><span class='mensaje'><h1>noooooo</h1></span><br />";
}
If I’m right, what is going on… 
any explanation…