Board index   FAQ   Search  
Register  Login
Board index php forum :: php coding PHP coding => General

[b]No results in query when using MD5 (help wanted)[/b]

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

[b]No results in query when using MD5 (help wanted)[/b]

Postby jeronimo » Tue Feb 04, 2003 3:34 pm

Hi Code-wizards,

I'm new to PHP coding and am struggling with a very simple query. The problem is as follows:

To secure my passwords in the db I use a MD5 command:

Code: Select all
$insert = "INSERT INTO `CustMst` (Name,Pass,Email...etc)
VALUES('$Name',MD5('$Pass'),'$Email',...etc')";

so far it works fine, if I look in the database the password is encrypted.

But here it comes, when verifying if a record already exists with the same username and password, the query returns no results:

Code: Select all
$select = "SELECT * FROM `CustMst` WHERE Name = '$Name' AND Pass = MD5('$Pass')";
$query = mysql_query($select) or die ( 'Unable to execute query.' );
$records = mysql_num_rows($query);

When I remove the MD5 functions (in both sections) the query works fine...

What's the syntax error?

Thanks in advance,
Jeronimo
jeronimo
New php-forum User
New php-forum User
 
Posts: 2
Joined: Tue Feb 04, 2003 3:23 pm

Postby Joan Garnet » Tue Feb 04, 2003 4:40 pm

$select = "SELECT * FROM `CustMst` WHERE Name = '$Name' AND Pass = MD5($Pass)"; //No quotes.

If this doesn't work try to assign a variable to the MD5 function and use it in the query.
User avatar
Joan Garnet
Moderator
Moderator
 
Posts: 387
Joined: Sat Aug 03, 2002 2:56 am
Location: Mars

No results in query when using MD5

Postby jeronimo » Wed Feb 05, 2003 3:08 am

Thanks for your comment Joan,

Unfortunaly I already tried this...
Later I figured out that I had set the database format to VARCHAR(6)...while the encoded strings appear to be longer then 6. So I changed it to VARCHAR(45)...but it still doesn't seem to work....

I added some echo messages of the variable and here is the problem:

When storing the Password to the db. The MD5('$Pass') results in: 607c1f157e64e428ac4b518b4404c5d8
When checking the Password from the db. The MD5('$Pass') results in: b9b57aae83585e17ede4570dcede353c

How is this possible? The var $Pass has not changed.. Shouldn't the MD5 function produce the same output when the input stays the same????

Thanks...
jeronimo
New php-forum User
New php-forum User
 
Posts: 2
Joined: Tue Feb 04, 2003 3:23 pm

Postby pootergeist » Wed Feb 05, 2003 4:14 am

personally I would recommend hashing the password within the PHP scripting only (and through using a include file stored securely) - allows for easy updating of encryption scripting and a more portable future.

encryptme.php
function &crypto($data)
{
$data = MD5($data);
return $data;
}

---------
include_once('../../below_public_root_files/encryptme.php');
$pass = &crypto($_POST['pass']);
mysql_query("INSERT ---------- pass='$pass'
'n'
mysql_query("SELECT ---- WHERE pass='$pass'");

Subnotes: MD5 hashing always returns a 32byte long string (whether you are hashing a harddrive, a file, a word, an image or whatever) - `pass` VARCHAR(35) NOT NULL, should suffice for field settings ( (32) should just work, added 3 for leeway tho :))
pootergeist
New php-forum User
New php-forum User
 
Posts: 191
Joined: Wed Jan 29, 2003 7:11 am
Location: UK


Return to PHP coding => General

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron