Xtremer360 Posted December 2, 2010

Is this okay to do for dealing with passwords before running an insert query into a database?

$password = sha1(mysqli_real_escape_string($dbc, $_POST['password']));

shlumph Posted December 2, 2010

Sure. Note that SHA1 won't generate quotations, so you *could* do:

$password = sha1($_POST['password']);

if you wanted.

requinix Posted December 2, 2010

In fact, you shouldn't mysqli_real_escape_string the password if you're going to hash it right afterwards. You're corrupting the data.

You should, on the other hand, "corrupt" the password intentionally by using a salt. It's an added security measure but requires that you track the salt (or figure a good way to compute it, creating the same salt every time for the same person but a different salt for a different person) and the password.
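
An added example, not part of the original posts, illustrating the two points in the reply above: escaping before hashing changes the string that gets hashed, and a per-user salt stored beside the digest makes equal passwords hash differently. `escape_for_sql()` is a hypothetical stand-in for `mysqli_real_escape_string()` (which needs a live connection), `make_record()` and `check_record()` are hypothetical helpers, and the sample password is constructed.

```php
<?php
// Hypothetical stand-in for mysqli_real_escape_string(): backslash-escapes
// the same set of characters, without needing a database connection.
function escape_for_sql(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ]);
}

// Salted SHA-1 as described in the thread: one random salt per user,
// kept next to the digest so the login check can recompute it.
function make_record(string $password): array
{
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => sha1($salt . $password)];
}

function check_record(array $record, string $password): bool
{
    // hash_equals() compares the two digests in constant time.
    return hash_equals($record['hash'], sha1($record['salt'] . $password));
}

$password = "it's \"secret\"";   // constructed sample input

// 1. With quotes in the password, the escaped string is not what the user
//    typed, so its digest differs from sha1() of the raw input.
var_dump(sha1($password) === sha1(escape_for_sql($password)));
//    A password with no escapable characters is unaffected, which is why
//    the mismatch is easy to miss in testing.
var_dump(sha1('abc123') === sha1(escape_for_sql('abc123')));

// 2. Same password for two users: different salts, different digests,
//    yet each record still verifies against the right password only.
$alice = make_record($password);
$bob   = make_record($password);
var_dump($alice['hash'] === $bob['hash']);
var_dump(check_record($alice, $password));
var_dump(check_record($alice, 'wrong guess'));

// 3. PHP's built-in password_hash() generates the salt and stores it inside
//    the returned string, so there is no separate salt column to track.
$stored = password_hash($password, PASSWORD_DEFAULT);
var_dump(password_verify($password, $stored));
```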

Xtremer360 (Author) Posted December 2, 2010

Thank you both.

Archived
This topic is now archived and is closed to further replies.