[eluser]riwakawd[/eluser]
I would like to use the code I have below but keeps on saying You have an error in your SQL syntax. I know about sha1 one not beaning to good I have other added security that not on here.
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'admin'', salt = ''*****'', password = '' ***** ' at line 1
INSERT INTO `user` SET user_id = '1', user_group_id = '1', username = ''admin'', salt = ''*****'', password = ''********'', `status` = '1', email = ''******'', date_added = NOW()
Code:
public function database() {
$file = APPPATH . 'ci.sql';
if (!file_exists($file)) {
exit('Could not load sql file: ' . $file);
}
$lines = file($file);
if ($lines) {
$sql = '';
foreach($lines as $line) {
if ($line && (substr($line, 0, 2) != '--') && (substr($line, 0, 1) != '#')) {
$sql .= $line;
if (preg_match('/;\s*$/', $line)) {
$sql = str_replace("DROP TABLE IF EXISTS `", "DROP TABLE IF EXISTS `" . $this->input->post('db_prefix'), $sql);
$sql = str_replace("CREATE TABLE IF NOT EXISTS `", "CREATE TABLE IF NOT EXISTS `" . $this->input->post('db_prefix'), $sql);
$sql = str_replace("CREATE TABLE `", "CREATE TABLE `" . $this->input->post('db_prefix'), $sql);
$sql = str_replace("INSERT INTO `", "INSERT INTO `" . $this->input->post('db_prefix'), $sql);
$this->db->query($sql);
$sql = '';
}
}
}
}
$data['db_prefix'] = $this->input->post('db_prefix');
$data['username'] = $this->input->post('username');
$data['password'] = $this->input->post('password');
$data['email'] = $this->input->post('email');
$this->db->query("DELETE FROM `" . $data['db_prefix'] . "user` WHERE user_id = '1'");
$this->db->query("
INSERT INTO
`" . $data['db_prefix'] . "user`
SET
user_id = '1',
user_group_id = '1',
username = '" . $this->db->escape($data['username']) . "',
salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "',
password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "',
`status` = '1',
email = '" . $this->db->escape($data['email']) . "',
date_added = NOW()
");
}