1

I want to encrypt password in php by use md5 function and I have got an error.

Fatal error: Uncaught Error: Using $this when not in object context in ....(line)

This code I follow up from this link but it was error. I tried to search the similar question on stackoverflow but I doesn't found the same case as me. This is my code. Anyone can help me, please?

The line that found error. $this->stmt = $this->pdo->prepare($sql);

This is my code

<?php
    require_once('connect01.php');

    function addUser($name, $password){
        $hash = md5($password);
        $sql = "INSERT INTO `user` (`username`, `pass`) VALUES ('$name','$password')";
        $this->stmt = $this->pdo->prepare($sql);
        return $this->stmt->execute([$name, $hash]);
    }

    if(isset($_POST['submit'])){

        addUser($_POST['username'], $_POST['pass']);
    }
    ?>
Thanasit Suwanposri
  • 37
  • 4
  • 2
    your function isn't wrapped within a class definition, therefore `$this` is unavailable for use. http://php.net/manual/en/language.oop5.basic.php – Scuzzy Jan 29 '19 at 03:53
  • 3
    **DO NOT USE MD5 FOR PASSWORD HASHING**. Use `password_hash` and `password_verify`. Seriously. Please. Pleaaaaassseee. – Luke Joshua Park Jan 29 '19 at 03:57
  • 1
    You need to have placeholders in your query. It won't bind otherwise. `md5` is not an encryption (and passwords shouldn't be encrypted). e.g. ``$sql = "INSERT INTO `user` (`username`, `pass`) VALUES (?, ?)";`` – user3783243 Jan 29 '19 at 04:01

1 Answers1

1

$this is not particularly useful outside of a class. Once you learn about classes, you can go back to that site you found.

If you want to use addUser(), you need a class where the $pdo class property is an instance of the PDO class and the $statement class property is an instance of the PDOStatement

The previous page showed you a script named database.php containing the DB class, a model in the model-view-controller design pattern. It fits the requirements stated above.

The most direct way to get this up and running is to add the DB class definition to your script and put the function definition of addUser() inside of it.

Once you have that set up, and once you learn about inheritance, you may consider keeping the DB class in your script but leaving as you found it, without addUsers(). You can still use and add to it if you extends it:

class User extends DB
{
    function addUser($name, $password)
    {
        $hash = md5($password);
        $sql = "INSERT INTO `user` (`username`, `pass`) VALUES ('$name','$password')";
        $this->stmt = $this->pdo->prepare($sql);
        return $this->stmt->execute([$name, $hash]);
    }
}

Keep in mind that if you choose this approach, you will need to change DB::$pdo and DB::$stmt from private to protected:

class DB
{
    protected $pdo = null;
    protected $stmt = null;
/* keep the rest of the class the same */

This is because private class properties are not usable ("visible") by a class that extends the first class, but protected class properties are. This is part of a concept called visibility.

zrhoffman
  • 109
  • 3