Encode/Decode

[cerin]

I have successfully encoded some text using the Encode command referred to [a href=\"http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html\" target=\"_blank\"]here[/a]. Now, I am trying to decode the string I just encoded. I don't see what exactly I have to pass as the arguement "crypt_str" or at least how to identify it without typing the encoded text. I have tried stuff like
[code]WHERE userid='username' SET password=DECODE(tons of tried things here,'password');[/code]

I seems to me that MySQL has syntax with zero flexibility.

[wickning1]

To encode something:

UPDATE table SET passwordcolumn = ENCODE("thePassword", "yourSalt") WHERE id=1;

To decode it:

SELECT DECODE(passwordcolumn, "yourSalt") FROM table WHERE id=1;

You must choose a salt, that is your secret key for decoding the string. If there was no secret key, and all you had to do to decode it was say DECODE(passwordcolumn), then anybody could do it, and there'd be no point encrypting it. Clear?

[cerin]

Ok, I've got that down. Thanks for the help. Can I make the password column auto encode data inserted into it?

[wickning1]

You'd have to store the salt in MySQL, which would compromise it.

[fenway]

For passwords, you might as well store the MD5-encrypted string -- just make sure to encode it on the PHP side.

[cerin]

Can I make it so that when I select and decode, so that the column with the decoded password isn't named "DECODE(passwordcolumn,'pass')"?

[wickning1]

Yes, use an alias.

[code]SELECT DECODE (passwordcolumn, 'pass') as pwd FROM table[/code]

Then in PHP you'd be able to access it with $row['pwd']