Jump to content

how to echo properly in a mysql statement

droidus

By droidus
in PHP Coding Help

 Share

Recommended Posts

droidus Regular Member

droidus

Posted
Posted

i have this mysql code, and am not sure how to properly echo the md5 when needed:

 

mysql_select_db($database_uploader, $uploader);    
      	$query = "SELECT * FROM members WHERE uname='"
        . mysql_real_escape_string($loginUsername) . 
	"' AND pword='" . if(!isset($_SESSION['remember_me_check'])) { echo "md5"; } (mysql_real_escape_string($loginPassword)) . "'"; 

 

the reason i'm doing this, is because if the user selects "remember me", i save the password (md5) to a cookie, then just use that to login along with their username to log them in.

MasterACE14 Advanced Member

MasterACE14

Posted
Posted

I'm really not sure what you're trying to do with your code...

$query = "SELECT * FROM members WHERE uname='"
        . mysql_real_escape_string($loginUsername) . 
	"' AND pword='" . md5(mysql_real_escape_string($loginPassword)) . "'"; 

droidus Regular Member

droidus

Posted
  • Author
Posted

if the user checks "remember me", i want to set the password, but i don't want anybody to be able to actually see that password, so i use md5 on it to scramble it.  then they login with this, since you can't unscramble an md5.  so, either the password will be 1234, or t5gt.  if the cookies are set, i have to not use md5, since it is already in that format.  in my database, my passwords have md5 already applied to them.  do you know what i mean now?

TeNDoLLA Newbie

TeNDoLLA

Posted
Posted

I'm really not sure what you're trying to do with your code...

$query = "SELECT * FROM members WHERE uname='"
        . mysql_real_escape_string($loginUsername) . 
	"' AND pword='" . md5(mysql_real_escape_string($loginPassword)) . "'"; 

 

This is the solution

iStriide Member

iStriide

Posted
Posted

Well I guess if people are logging in with their already md5'ed password then it wouldn't need to be md5'ed again, but if people are just logging  in with their normal password (Ex: Password: mypassword00) then it would need to md5'ed to find it in the query.

 

I think it is how md5 works. Not sure if it just generates a random mumbo jumbo of letters, but I think that is how it goes.

droidus Regular Member

droidus

Posted
  • Author
Posted

ok, so that is why the md5 needs to be echoed, on the condition of whether the cookie is set or not.  so maybe i should do..

 

if cookie is already set, do not use md5 (then query...)

if cookie is not set, md5 the password (then query...)

 

here is what i was looking for:

 

if (!$blank_fields) {

if(isset($_SESSION['remember_me_check'])) {

mysql_select_db($database_uploader, $uploader);   

      $query = "SELECT * FROM members WHERE uname='"

        . mysql_real_escape_string($loginUsername) .

"' AND pword='" . (mysql_real_escape_string($loginPassword)) . "'"; 

      $result = mysql_query($query) or die(mysql_error());

} else {

mysql_select_db($database_uploader, $uploader);   

      $query = "SELECT * FROM members WHERE uname='"

        . mysql_real_escape_string($loginUsername) .

"' AND pword='" . md5((mysql_real_escape_string($loginPassword))) . "'"; 

      $result = mysql_query($query) or die(mysql_error());

}

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.