printing out a table in a while loop

[jeff5656]

The following generic code prints out a given table in my database, by first getting the fieldnames and putting them as the title of each column, and then getting the values.  How do I change it so that if the name of the field is "password", the value will echo "----" instead of the password?

 

$sql = "SELECT * FROM $tablename";

$result = mysql_query($sql) or die("Query failed : " . mysql_error()); 

$row = 1;
?>

<table width="90%" border="1"><?php 
//the MYSQL_ASSOC gets field names instead of numbers
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
if ($row == 1) {
	?><tr><?php
	foreach ($line as $col_key => $col_value) {
		?><th><?php echo $col_key;?></th><?php
	}
	?></tr><?php
}
?><tr><?php
foreach ($line as $col_value) {
	?><td><?php 

	echo $col_value;?></td><?php 
}
?></tr><?php 
$row++;

[PFMaBiSmAd]

A) You should NOT have passwords stored as plain text. You should store then as a hashed/salted value, either md5() or sha1() using some salt string you devise prepended/appended to the actual password before hashing it.

 

B) You would need to get the field name along with the value in the foreach() loop that is printing the value and test if the field name is 'password' and display what you want instead of the actual password.

[jeff5656]

In terms of storing a password using md5,  I see sites that allow you to change your password.  Sometimes  when you change your password the old one has dots to hide it of course, but it's your actual password (i.e. eight character password has 8 dots).  But how do those sites retrieve your actual password from the database?  I ask because I thought md5 was a ONE way encryption.