Inputting an encrypted password

[ashrobbins87]

When you enter a password manually into sql you can use

INSERT INTO table VALUES (username, PASSWORD('pass'));

with PASSWORD meaning the password shows as its hash value when viewed. How can I do this when I'm entering a new password from a form?

 

I've tried

"INSERT INTO cms_users (username, password) 
			VALUES ('".$_POST["username"]."','".$_POST["password"]."')";

but this returns the password as it should be.

 

Any ideas?

[Eiolon]

You should be sanitizing your data before inserting it.  Once you have done that, use something like this:

 

INSERT INTO users (username, password) VALUES ('$u',PASSWORD('$p'));

 

P.S. I recommend using at least MD5 instead of PASSWORD.  SHA1 is also popular.

[fenway]

PASSWORD() isn't meant to be used by anyone other than mysql... and I hope there's a salt.

[ashrobbins87]

Thanks, I've update it so its more sanitized as you say! 

 

What is the difference between the PASSWORD and the MD5??

[fenway]

Lots of things... but the important one is that PASSWORD() isn't for "external" use... it's only mean for the users table in the mysql database.