Inputting an encrypted password

ashrobbins87 · March 13, 2009

When you enter a password manually into sql you can use

INSERT INTO table VALUES (username, PASSWORD('pass'));

with PASSWORD meaning the password shows as its hash value when viewed. How can I do this when I'm entering a new password from a form?

I've tried

"INSERT INTO cms_users (username, password) 
			VALUES ('".$_POST["username"]."','".$_POST["password"]."')";

but this returns the password as it should be.

Any ideas?

Eiolon · March 13, 2009

You should be sanitizing your data before inserting it. Once you have done that, use something like this:

INSERT INTO users (username, password) VALUES ('$u',PASSWORD('$p'));

P.S. I recommend using at least MD5 instead of PASSWORD. SHA1 is also popular.

fenway · March 13, 2009

PASSWORD() isn't meant to be used by anyone other than mysql... and I hope there's a salt.

ashrobbins87 · March 13, 2009

Thanks, I've update it so its more sanitized as you say!

What is the difference between the PASSWORD and the MD5??

fenway · March 15, 2009

Lots of things... but the important one is that PASSWORD() isn't for "external" use... it's only mean for the users table in the mysql database.

Recommended Posts