Jump to content


Photo

Encode/Decode


  • Please log in to reply
6 replies to this topic

#1 cerin

cerin
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 25 February 2006 - 07:48 PM

I have successfully encoded some text using the Encode command referred to [a href=\"http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html\" target=\"_blank\"]here[/a]. Now, I am trying to decode the string I just encoded. I don't see what exactly I have to pass as the arguement "crypt_str" or at least how to identify it without typing the encoded text. I have tried stuff like
WHERE userid='username' SET password=DECODE(tons of tried things here,'password');

I seems to me that MySQL has syntax with zero flexibility.

#2 wickning1

wickning1
  • Members
  • PipPipPip
  • Advanced Member
  • 405 posts

Posted 25 February 2006 - 11:46 PM

To encode something:

UPDATE table SET passwordcolumn = ENCODE("thePassword", "yourSalt") WHERE id=1;

To decode it:

SELECT DECODE(passwordcolumn, "yourSalt") FROM table WHERE id=1;

You must choose a salt, that is your secret key for decoding the string. If there was no secret key, and all you had to do to decode it was say DECODE(passwordcolumn), then anybody could do it, and there'd be no point encrypting it. Clear?

#3 cerin

cerin
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 26 February 2006 - 05:22 AM

Ok, I've got that down. Thanks for the help. Can I make the password column auto encode data inserted into it?

#4 wickning1

wickning1
  • Members
  • PipPipPip
  • Advanced Member
  • 405 posts

Posted 26 February 2006 - 06:28 AM

You'd have to store the salt in MySQL, which would compromise it.

#5 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 26 February 2006 - 06:45 AM

For passwords, you might as well store the MD5-encrypted string -- just make sure to encode it on the PHP side.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

#6 cerin

cerin
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 28 February 2006 - 11:02 PM

Can I make it so that when I select and decode, so that the column with the decoded password isn't named "DECODE(passwordcolumn,'pass')"?

#7 wickning1

wickning1
  • Members
  • PipPipPip
  • Advanced Member
  • 405 posts

Posted 28 February 2006 - 11:23 PM

Yes, use an alias.

SELECT DECODE (passwordcolumn, 'pass') as pwd FROM table

Then in PHP you'd be able to access it with $row['pwd']




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users