ashrobbins87 Posted March 13, 2009 Share Posted March 13, 2009 When you enter a password manually into sql you can use INSERT INTO table VALUES (username, PASSWORD('pass')); with PASSWORD meaning the password shows as its hash value when viewed. How can I do this when I'm entering a new password from a form? I've tried "INSERT INTO cms_users (username, password) VALUES ('".$_POST["username"]."','".$_POST["password"]."')"; but this returns the password as it should be. Any ideas? Quote Link to comment Share on other sites More sharing options...
Eiolon Posted March 13, 2009 Share Posted March 13, 2009 You should be sanitizing your data before inserting it. Once you have done that, use something like this: INSERT INTO users (username, password) VALUES ('$u',PASSWORD('$p')); P.S. I recommend using at least MD5 instead of PASSWORD. SHA1 is also popular. Quote Link to comment Share on other sites More sharing options...
fenway Posted March 13, 2009 Share Posted March 13, 2009 PASSWORD() isn't meant to be used by anyone other than mysql... and I hope there's a salt. Quote Link to comment Share on other sites More sharing options...
ashrobbins87 Posted March 13, 2009 Author Share Posted March 13, 2009 Thanks, I've update it so its more sanitized as you say! What is the difference between the PASSWORD and the MD5?? Quote Link to comment Share on other sites More sharing options...
fenway Posted March 15, 2009 Share Posted March 15, 2009 Lots of things... but the important one is that PASSWORD() isn't for "external" use... it's only mean for the users table in the mysql database. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.