Xtremer360 Posted December 2, 2010

Is this okay to do for dealing with passwords before running an insert query into a database?

    $password = sha1(mysqli_real_escape_string($dbc, $_POST['password']));

shlumph Posted December 2, 2010

Sure. Note that SHA1 won't generate quotations, so you *could* do:

    $password = sha1($_POST['password']);

if you wanted.

requinix Posted December 2, 2010

In fact, you shouldn't mysqli_real_escape_string the password if you're going to hash it right afterwards. You're corrupting the data.

You should, on the other hand, "corrupt" the password intentionally by using a salt. It's an added security measure but requires that you track the salt (or figure a good way to compute it, creating the same salt every time for the same person but a different salt for a different person) and the password.

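The two points in the reply above, as an added example that is not part of the original thread: a random per-user salt stored next to the hash, and a check showing that escaping before hashing changes the digest. The function names and the sample password are hypothetical, and `addslashes()` stands in for `mysqli_real_escape_string()` only so the script runs without a database connection.

```php
<?php
// Added example (not code from the thread); names and sample values are constructed.

// Build the record to store for one user: a fresh random salt plus the salted hash.
function make_password_record(string $password): array
{
    $salt = bin2hex(random_bytes(16)); // 16 random bytes, hex-encoded, unique per user
    return ['salt' => $salt, 'hash' => sha1($salt . $password)];
}

// Recompute the hash with the stored salt and compare in constant time.
function check_password(string $password, array $record): bool
{
    return hash_equals($record['hash'], sha1($record['salt'] . $password));
}

// Constructed sample password containing a quote character.
$raw = "o'brien-2010";

// Two users choosing the same password get different salts, so different hashes.
$alice = make_password_record($raw);
$bob   = make_password_record($raw);
var_dump($alice['hash'] === $bob['hash']);

// Verification succeeds only with the right password and that user's salt.
var_dump(check_password($raw, $alice));
var_dump(check_password('wrong-guess', $alice));

// Escaping before hashing alters the input, so the digest no longer matches
// the one computed from what the user actually typed.
// Assumption: addslashes() is an offline stand-in for mysqli_real_escape_string().
$escaped = addslashes($raw);
var_dump(sha1($raw) === sha1($escaped));

// The salt and hash are hex strings; when inserting them, pass them to the
// query as bound parameters of a prepared statement.
```

PHP 5.5 and later also ship `password_hash()` and `password_verify()`, which generate a salt and embed it in the returned string, so the salt does not need a separate column.
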
Xtremer360 (Author) Posted December 2, 2010

Thank you both.