need help Message: Undefined variable
#2

(This post was last modified: 05-18-2015, 02:10 AM by noobie.)


Hi,

I hope you are just learning and not selling any scripts or programming for money yet. The code you wrote is not safe, it is dangerous actually... but if you are just learning, it's okay for a start. I've been practicing CI for 4+ months and I'm still learning security and still don't think I should write for money...

Please read CodeIgniter's documentation before starting to write. The whole point is to use all the framework functions so they can get updated if there are any issues, and also to protect us from mistakes. If you want to just use your own methods, then why use a framework at all?

1. You MD5 a password? And not even salted? Please don't... AT THE VERY LEAST use sha256 with a random salt: hash('sha256', $password.$salt), and save the salt in the database too. Even this is not enough, but md5 is almost like a plain text password today.

2. I noticed the part where you use mysql_real_escape_string(). Always use "Query Bindings" or CodeIgniter's "Active Record Class" for queries (both are well detailed in the documentation).

The code you wrote is already deprecated in PHP 5.5 (http://php.net/manual/en/function.mysql-...string.php)

3. Why did you use ` $this->db->where("email", $this->input->post("email")); ` before $q_profile? I don't see you using it for anything, it's just an additional useless query.

And more...


To answer your question, $uid is not defined.
Also, instead of all those queries you could just use insert_id().

PHP Code:
$query = $this->db->insert("user", $data);

if ($query) {
    $this->db->where("email", $this->input->post("email"));

    $q_profile = $this->db->query("SELECT id FROM user WHERE USERNAME ='{" . mysql_real_escape_string($this->input->post('email')) . "}' LIMIT 1");
    foreach ($q_profile->result() as $p) {
        $uid = $p->id;


simply use:

PHP Code:
$query = $this->db->insert("user", $data);

if ($this->db->affected_rows() < 1)
{
    return FALSE;
}

$uid = $this->db->insert_id();


Please read the User Guide first, don't be that lazy...

P.S. Consider using Ion Auth to handle your signup/login/passwords: http://benedmunds.com/ion_auth/
Reply
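
The three points in the post above (password hashing, query bindings, insert_id()) combined in one model, as an added example that is not part of the original post or of CodeIgniter's own code. It assumes CodeIgniter 3 with the database library loaded and a `user` table with an auto-increment `id`, a unique `email` and a `password` VARCHAR(255) column; the class, method and column names are hypothetical, and PHP's built-in password_hash()/password_verify() are used here in place of the salted sha256 the post names as a bare minimum.

```php
<?php
// Added example (hypothetical names), assuming CodeIgniter 3 and a `user`
// table: id (auto increment), email (UNIQUE), password (VARCHAR 255).
class User_model extends CI_Model
{
    /**
     * Insert a new user and return the new row id, or FALSE on failure.
     */
    public function create($email, $password)
    {
        $data = array(
            'email'    => $email,
            // password_hash() generates a random salt and stores it, with
            // the algorithm and cost, inside the returned string, so no
            // separate salt column is needed.
            'password' => password_hash($password, PASSWORD_DEFAULT),
        );

        // The Query Builder escapes every value in $data; no manual
        // mysql_real_escape_string() call is involved.
        if ( ! $this->db->insert('user', $data) OR $this->db->affected_rows() < 1)
        {
            return FALSE;
        }

        // Id generated by the INSERT above; no follow-up SELECT is needed.
        return $this->db->insert_id();
    }

    /**
     * Return the user id when the password matches, FALSE otherwise.
     */
    public function verify($email, $password)
    {
        // Query binding: the driver escapes the value bound to the ? marker.
        $query = $this->db->query(
            'SELECT id, password FROM user WHERE email = ? LIMIT 1',
            array($email)
        );

        // query() returns FALSE on error when db_debug is off; row() returns
        // NULL when no user matched.
        $row = $query ? $query->row() : NULL;
        if ($row === NULL OR ! password_verify($password, $row->password))
        {
            return FALSE;
        }

        return (int) $row->id;
    }
}
```

From a controller, `$uid = $this->user_model->create($this->input->post('email'), $this->input->post('password'));` gives the new id directly, which removes the undefined `$uid` path in the original code.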


Messages In This Thread
RE: need help Message: Undefined variable - by noobie - 05-18-2015, 02:01 AM


