Create simple username password datebase

lovephp123 · October 27th, 2005, 02:14 PM

<?php

// COMMIT ADD
  $link = mysql_connect("localhost", "root", "")
    or die("Could not connect: " . mysql_error());
  mysql_select_db('registration', $link)
    or die ( mysql_error());
  switch ($_GET['action']) {
    case "add":
      switch ($_GET['type']) {
        case "Register":
          $sql = "INSERT INTO user_info
                    (username,
                    password,
                    email)
                  VALUES
                    ('" . $_POST['username'] . "',
                    '" . $_POST['password'] . "',
                    '" . $_POST['email'] . "')";
          break;
      }
      break;
  }

  if (isset($sql) && !empty($sql)) {
    echo "";
    $result = mysql_query($sql)
      or die("Invalid query: " . mysql_error());
?>
<p align="center" style="color:#FF0000">
    Done. <a href="admin_loggedin.php">admin</a>
  </p>
<?php
  }
?>

This is my code and it works but I want the password to be hashed I am not sure how I can do this Please help

anshul · October 28th, 2005, 06:22 AM

If you mean to encrypt password, use md5(). It's best and established method. Compare it's (one that resides in db) value with md5 of that user enter in form, during login.

http://anshul.guideseeq.com/

Regards,

`~@#\^%&*/\.<.\/-|+|_!:;..=?>
Support Indian students' finances http://scholarship.mediasworks.com/

lovephp123 · October 28th, 2005, 09:38 AM

So that does not tell me anything I just want to know how to get this line '" . $_POST['password'] . "', To have a PASSWORD to be put in it. I think it is something like this but this does not work "(PASSWORD('" . $_POST['password'] . "')), '" .
Thanks

Quote:

quote:Originally posted by anshul
If you mean to encrypt password, use md5(). It's best and established method. Compare it's (one that resides in db) value with md5 of that user enter in form, during login.

http://anshul.guideseeq.com/

Regards,

`~@#\^%&*/\.<.\/-|+|_!:;..=?>
Support Indian students' finances http://scholarship.mediasworks.com/

Daniel Walker · October 28th, 2005, 02:56 PM

I think you misunderstand. What anshul is saying is, avoid having to get the database to process the hash at all. Simply hash it in your script and send the hash: store it in a fixed-length character field that is big enough to hold your hashes.

I hardly need say, that hashing the same input always produces the same output. Store the output in your database, and always hash it using MD5 before presenting the result to the database, and the database need never known what the original password actually was: it only needs the hash.

Is there some external reason why this will not work?