Solution Recipe for adding Hashed Password causes Incorrect table name ''

Hello,

I am trying to implement hashed passwords for SecurityAssist. I am following the series of seven videos @ securityassist/ that describe how to modify SecurityAssist generated pages to use a hashed password.

I have carefully completed all of the steps but when I fill out a User Registration form and push Register I get an page back that simply contains:

Incorrect table name ''

Can somebody give me some idea about what would cause this error or some suggestions on how to start to debug this? The two single quotes with no context suggest that perhaps a variable has not been set to a value but since all the pages are generated by SecurityAssist I don't see how this would happen. In particular, I have located $WA_table in the user_Registration.php page that is being processed and I see that it is set to a value so it is not empty.

Thank you!

can you send a copy of the registration page in a zip archive so I can look at the code.

Hi Jason.

Thanks for the reply. I've attached the zip.


<attachment removed>

cahnge:
$WA_table = "`user`";

to:
$WA_table = "user";



the issue is caused by using the table named "user". this is a reserved word in some databases.

Hi Jason,

Thanks for figuring that one out! In retrospect, using an ID of "user" was probably careless - shouda guessed that might be a problem! I changed the table name to user_profile and replaced user w/that new ID in the registration page and got the same error. Then I removed the ` as you had suggested when I was using the name= user and it worked fine. To be clear, is it the case that the ` characters were added (by who) because "user" is a reserved ID and that in turn caused confusion (for the server?)? So the problem that generated the error message was actually the ` characters? Can you give me a little more info on exactly what when wrong here and why?

Thanks again!

the problem is that our code is being a little too protective of reserved words, it is a bug that has been logged.

the code to create the sql automatically places the "`" character around the table name.

There is also a reserved words list that is checked, if the table name you are using is on this list, then the $WA_table variable gets set with the "`" character as well.

This results in the SQL being created as:

SELECT ``user`` ....

so it's doubling up the "`" character causing the error.

Hi Jason,

Thanks for taking the time to fill in the details. As a software developer (C++, Java, SQL, ...) I'm always interested in "what went wrong" to try and learn from it.

Another "5 Star" reply!

Finally, can I (you) remove the attached .zip file? It appears that it can be downloaded by anyone and it contains info about the client's site. Since the problem and solution are fully described in the text of the thread nothing is lost by removing it.

Thanks again.

Sure, the attachment has been removed.