0
$uname = $MySQLi_CON->real_escape_string(trim($_POST['user_name']));
$email = $MySQLi_CON->real_escape_string(trim($_POST['user_email']));
$upass = $MySQLi_CON->real_escape_string(trim($_POST['password']));

$new_password = password_hash($upass, PASSWORD_DEFAULT);

$check_email = $MySQLi_CON->query("SELECT email FROM users WHERE email='$email'");
$count=$check_email->num_rows;

$RandomKey = mt_rand(1,50);
**$RegKey = hash_hmac('sha512', $value, $RandomKey);** getting error Undefined variable: value line 21. This is line 21. 
$Status = 'online';
$Banned = 'no';

Any help would be amazing.

RiggsFolly
  • 83,545
  • 20
  • 96
  • 136
Jason Bolton
  • 1
  • Well I cannot see where you create `$value` in the code you show us, So do we assume as the error message says you didnt actually create it yet? – RiggsFolly May 14 '18 at 15:55
  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly May 14 '18 at 15:56
  • Yeah its weird that there is nowhere in the code provided by the person giving the tutorial on youtube that $value is not defined. yet his code works. when i try to define it i get a registration error without an explanation. – Jason Bolton May 14 '18 at 16:02
  • Beware out there. Most supposed PHP tutorials are really just click bait. They are rarely very good and hardly ever tested, and almost never updated – RiggsFolly May 14 '18 at 16:04
  • Or possibly you just missed an earlier step in the tutorial – RiggsFolly May 14 '18 at 16:05
  • he provided all of the other pages. Is there a value i can give $value that would make the line work? – Jason Bolton May 14 '18 at 16:08

0 Answers0