/    Sign up×
Community /Pin to ProfileBookmark

password hash md5 php mySql problem

Copy linkTweet thisAlerts:
Feb 25.2006

How do you like that for a title. Hehe, it described everything I needed to ask in a brief description.
Bare with me, I’m still learning php and mySql, and having a blast with it. Every once in a while I run accross a snag and am unable to figure out the problem
Currently I am trying to set up a log in page for a user to submit a username and a password so they will be able to log in to the website. I would prefer the user to submit their own password.
I am using the “MyAdmin” secure pages, but it only allows an Admin to enter and edit users.
The table that MyAdmin uses is called “myUsers” and the fields are userName, userPass, isAdmin, userGroup, sessionID, lastLog, userRemark. I am able to insert into all of the fields with no problem except the password field.
From what I understand, the password field uses an encripted or rather “hashed” format. The MyAdmin uses the format: ” , ‘md5($_post[userPass])’ ” I’ve been trying to duplicate it, but it’s not working.
My code to insert is:

[code=php]<!– Insert values into the ***users_to_be_approved*** table ***************begin –>
<?php
// open the connection
$conn = mysql_connect(“localhost”, “***” , “***”);

// pick the database to use
mysql_select_db(“Big_File”,$conn);

// create the SQL statement
$sql = “INSERT INTO myuser_to_be_approved values (”, ‘$_POST[userName]’, ‘md5($_POST[userPass])’, ‘$_POST[isAdmin]’, ‘$_POST[userGroup]’, ‘$_POST[sessionID]’, ‘$_POST[lastLog]’, ‘$_POST[userRemark]’)”;

// execute the SQL statement
if (mysql_query($sql, $conn)) {
echo “record added!”;
} else {
echo “something went wrong”;
}
?>[/code]

Now I have tried both ways, the

[code=php]‘md5($_POST[userPass])’ [/code]

and

[code=php] ‘password($_POST[userPass])’ [/code]

. Each time the field results with the standard text rather than the “hashed”. For example, if my password input was “delta” the field would result “md5(delta)”
The MyAdmin will input the “Hashed” password into the field and will look something like this: “21232f297a57a5a743894a0e4a801fc3” which is apparently hexadecimal.
I’ve looked in the PHP documentation and the MySql documentation and still unable to find out what I’m doing wrong.

to post a comment
PHP

5 Comments(s)

Copy linkTweet thisAlerts:
@ScleppelFeb 25.2006 — Because md5() is a PHP function you cannot embed it in a string, you have to do it outside the "s.

[code=php]$sql = "INSERT INTO myuser_to_be_approved values ('', '$_POST[userName]', '" . md5($_POST[userPass]) . "', '$_POST[isAdmin]', '$_POST[userGroup]', '$_POST[sessionID]', '$_POST[lastLog]', '$_POST[userRemark]')"; [/code]
Copy linkTweet thisAlerts:
@anothenauthorFeb 25.2006 — Thank you, it worked.

So am I to understand that the "md5()" is a PHP function?

I can make a variable hold this information then.

I noticed you used the "" quotes with a period. This is new to me. You used the quotes and a period on either side and it was used without having to put the backslash. Is this a method to step outside of the sql language and use PHP?
Copy linkTweet thisAlerts:
@ScleppelFeb 25.2006 — So am I to understand that the "md5()" is a PHP function?

I can make a variable hold this information then.[/QUOTE]
Yes:
[code=php]$hashed_pass = md5($pass);[/code]

I noticed you used the "" quotes with a period. This is new to me. You used the quotes and a period on either side and it was used without having to put the backslash. Is this a method to step outside of the sql language and use PHP?[/QUOTE]
It steps outside of the " quoted string, to allow PHP to see the function. The . is the concatenation operator and it kind of sticks the different parts together.

I'm not very good at explaining this so look at the PHP Manual page for [URL=http://uk2.php.net/manual/en/language.operators.string.php]String Operators[/URL] and possibly also [URL=http://uk2.php.net/manual/en/language.types.string.php]Strings[/URL].
Copy linkTweet thisAlerts:
@NogDogFeb 25.2006 — The period is PHP's concatenation character: it "glues" togethere two strings into one. So [b]"abc" . "xyz"[/b] becomes "abcxyz". In the code in question, you are not in MySQL (yet); you are in PHP creating a string which will be passed to MySQL.
Copy linkTweet thisAlerts:
@anothenauthorFeb 25.2006 — okay Sclep, I got it, thanks. You been very helpful.

Nog, okay, I understand now. It gets confusing sometimes trying to separate between what is mysql and php. Understanding that it is a string variable in php that is being passed to mySql helps out greatly. Thanks.
×

Success!

Help @anothen spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.21,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...