Jump to content


Photo

md5 function


  • Please log in to reply
8 replies to this topic

#1 OLM3CA

OLM3CA
  • Members
  • PipPipPip
  • Advanced Member
  • 52 posts
  • LocationCyprus

Posted 24 August 2006 - 08:39 PM

hi again
i want to crypte the id's of news with md5
my code :
                 
while ($row = mysql_fetch_array($result)) {

	echo "<a href='news.php?newsID=".$row['id']."'>".$row['title']."</a>";  }

i made it like this :
echo "<a href='news.php?newsID=".[color=red]md5($row['id'])[/color]."'>".$row['title']."</a>";

its okey the link is shown like this .....news.php?newsID=sad56asdasfda65dg76g326ge76gb6dsa
but when I click the link,I have an error :

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in ....
am I need to change anything in the SQL query ?
and my query :

       
$query = "SELECT title,id FROM newss LIMIT 0, 12";
	$result = mysql_db_query("xxxx",$query);

AMD rather than Intel , PHP rahter than ASP

#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 24 August 2006 - 08:43 PM

Query looks fine for me, but is your news table actually spelt as newss (note the extra s).

#3 OLM3CA

OLM3CA
  • Members
  • PipPipPip
  • Advanced Member
  • 52 posts
  • LocationCyprus

Posted 24 August 2006 - 08:52 PM

oh sorry I forgot the real point i open the link in an other page links are on the index.php but when i click the link opening in news.php am i need to change anything on this page ?

//Links are opened in this page
$query2="SELECT * FROM newss WHERE id=$newsID";
$result2= mysql_db_query("xxxx",$query2);

while ($row2 = mysql_fetch_array($result2)) {
          
             echo $row2['title']; 
             echo $row2['metin'];
}

there is no problem with the newss  double s
AMD rather than Intel , PHP rahter than ASP

#4 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • LocationNetherlands

Posted 24 August 2006 - 08:54 PM

It seems to me like you:

1) Fetch a regular id from a db.
2) Md5 it, pass it to news.php.
3) Use it (MD5'd  ???) to fetch a record from the table.

If so, it's pretty obvious why it doesn't work, wouldn't you agree?

Your query is not returning any results, as there are no records with an id like sad56asdasfda65dg76g326ge76gb6dsa...

#5 OLM3CA

OLM3CA
  • Members
  • PipPipPip
  • Advanced Member
  • 52 posts
  • LocationCyprus

Posted 24 August 2006 - 09:02 PM

sorry ı dont exactly understand you 448191 my english is not good enough but let me explain

the codes and queries that ı post in my first message is in index page
md5 it and send it to news.php  there is a code like this in news.php

if(newsID) {

$query2="SELECT * FROM newss WHERE id=$newsID";
$result2= mysql_db_query("xxxx",$query2);

while ($row2 = mysql_fetch_array($result2)) {
          
             echo $row2['title']; 
             echo $row2['metin'];
} }

i think the problem is the query in news.php doesnt recognise the md5 code for newsID ??
AMD rather than Intel , PHP rahter than ASP

#6 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • LocationNetherlands

Posted 24 August 2006 - 09:09 PM

Of course it doesn't. It's a completely different string! If you want to encrypt id's, you have to either store them encrypted, or use a method that allows for decryption.

If you can read Dutch, I can explain it to you in Dutch, otherwise I think I'll have someone else have a go.

#7 OLM3CA

OLM3CA
  • Members
  • PipPipPip
  • Advanced Member
  • 52 posts
  • LocationCyprus

Posted 24 August 2006 - 09:10 PM

not dutch can you tell me what should ı do in english
AMD rather than Intel , PHP rahter than ASP

#8 jdforsythe

jdforsythe
  • Members
  • PipPip
  • Member
  • 17 posts

Posted 24 August 2006 - 09:49 PM

i don't understand why you're wanting to md5() the id.  is it a unique id number for a post or something like that in your database?  what is the problem with people seeing the id number?

anyway, i'll use this example to show you why it's not working.

keep in mind first that you cannot UN-md5()!

let's say you have a database with the following:
table name = "news"













id (unique) title text
1 Headline This is the article text.  Blah...


now you have an html page which shows a link to this article (you use a php script, but i'm using this just for an example).  the link points to a php script and passes parameters (GET - ?id=#) and that script looks up and shows the data from the table.

html:
<a href="lookup_news.php?id=1">Headline</a>

lookup_news.php:
$query = "SELECT * FROM news WHERE id = $_GET['id']";

this works fine.  now look at what happens if you md5() the id "1":
<a href="lookup_news.php?id=c4ca4238a0b923820dcc509a6f75849b">Headline</a>

so nobody can see your id, right?  the problem comes in lookup_news.php.

the value you passed in the first example made $_GET['id'] = "1" which matches up with the entry in your database.  however this time around $_GET['id'] = "c4ca4238a0b923820dcc509a6f75849b".

so when you look up SELECT * FROM news WHERE id = "c4ca4238a0b923820dcc509a6f75849b" it won't return any results because the id is 1, not md5("1") (c4ca4238a0b923820dcc509a6f75849b).

there are several ways to solve this.  first, if you don't absolutely need to hide the id, then don't.  a better way to hide the id from the address bar is to use mod_rewrite, which i won't get into here.

if it's necessary that you use md5() to hide the id, then you must store the id in the database as the md5(id).  you need your database to look like this:
table name = "news"













id (unique) title text
c4ca4238a0b923820dcc509a6f75849b Headline This is the article text.  Blah...



this is achieved by changing the script that inserts those news entries into the database.

for instance:

$title = "Headline";
$text = "This is the article text. Blah...";
$id = "1";
$new_id = md5($id);

and insert the $new_id instead of the $id, so that it stores the md5'd version of the id instead of the original "1".  then you can perform a lookup with the md5'd id in the html/php and it will return the result you desire.

i hope that answers your question.  it basically boils down to the fact that there is no way to UN-md5 the id after you send it to the php script.  either the id you send and the id in the database have to BOTH be md5() or NEITHER.  i think you can see that php and mysql will not say that 1 = c4ca4238a0b923820dcc509a6f75849b

#9 OLM3CA

OLM3CA
  • Members
  • PipPipPip
  • Advanced Member
  • 52 posts
  • LocationCyprus

Posted 24 August 2006 - 10:37 PM

Thank you very much its not the point that i want to hide id i want to know somethıng else about the md5 and i got it from your text thank you and thank you other repliers for my message.This really helps me and i understand where to you md5  ;)
AMD rather than Intel , PHP rahter than ASP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users