
insert password into database in md5 format? [duplicate]

Tags: php, mysql

Can anyone please show me or explain how I can insert a password into a database in MD5 format? Even if you can just point me in the right direction or something I'd be grateful, because I'm only new to MySQL. Thanks.

$query="INSERT INTO ptb_users (id,
user_id,
first_name,
last_name,
email )
VALUES('NULL',
'NULL',
'".$firstname."',
'".$lastname."',
'".$email."',
'".$password."'
)";
mysql_query($query) or dieerr();
$result = mysql_query("UPDATE ptb_users SET ptb_users.user_id=ptb_users.id");
James Tanner asked Mar 15 '13 14:03


3 Answers

use MD5,

$query="INSERT INTO ptb_users (id,
user_id,
first_name,
last_name,
email )
VALUES('NULL',
'NULL',
'".$firstname."',
'".$lastname."',
'".$email."',
MD5('".$password."')
)";

but MD5 is insecure. Use SHA2.

  • Encryption and Compression Functions
  • SQLFiddle Demo
John Woo answered Oct 03 '22 19:10


Don't use MD5 as it is insecure. I would recommend using SHA or bcrypt with a salt:

SHA2('".$password."', 256)

http://en.wikipedia.org/wiki/Salt_(cryptography)

Darren answered Oct 03 '22 20:10


Darren Davies is partially correct in saying that you should use a salt - there are several issues with his claim that MD5 is insecure.

You've said that you have to insert the password using an MD5 hash, but that doesn't really tell us why. Is it because that's the format used when validating the password? Do you have control over the code which validates the password?

The thing about using a salt is that it avoids the problem where 2 users have the same password - they'll also have the same hash - not a desirable outcome. By using a different salt for each password then this does not arise (with very large volumes of data there is still a risk of collisions arising from 2 different passwords - but we'll ignore that for now).

So you can either generate a random value for the salt and store that in the record too, or you could use some of the data you already hold - such as the username:

$query="INSERT INTO ptb_users (id,
        user_id,
        first_name,
        last_name,
        email )
        VALUES('NULL',
        'NULL',
        '".$firstname."',
        '".$lastname."',
        '".$email."',
        MD5('".$user_id.$password."')
        )";

(I am assuming that you've properly escaped all those strings earlier in your code)

symcbean answered Oct 03 '22 20:10
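
Added example (not part of the question or any of the answers above): the answers discuss MD5, SHA2, bcrypt and per-user salts. This sketch shows the same insert done with PHP's built-in `password_hash()`, which salts each password automatically, and with bound parameters instead of string concatenation. It assumes the `pdo_sqlite` extension so it runs offline; the `password_hash` column name and the sample users are hypothetical.

```php
<?php
// Added example: salted, slow password hashing with PHP's built-in API.
// Assumptions: an in-memory SQLite database stands in for MySQL, and the
// column name password_hash is hypothetical (the question never names it).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ptb_users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    first_name TEXT, last_name TEXT,
    email TEXT UNIQUE, password_hash TEXT NOT NULL)');

function register(PDO $pdo, string $first, string $last, string $email, string $password): void
{
    // password_hash() generates a random per-password salt and embeds it,
    // together with the algorithm and cost, in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Bound parameters keep user input out of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO ptb_users (first_name, last_name, email, password_hash)
                           VALUES (?, ?, ?, ?)');
    $stmt->execute([$first, $last, $email, $hash]);
}

function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM ptb_users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Upgrade the stored hash when the default algorithm or cost changes.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE ptb_users SET password_hash = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return true;
}

// Constructed sample data: two users who chose the same password.
register($pdo, 'Ann', 'Example', 'ann@example.test', 'correct horse');
register($pdo, 'Bob', 'Example', 'bob@example.test', 'correct horse');

$hashes = $pdo->query('SELECT password_hash FROM ptb_users')->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] !== $hashes[1]);                      // stored hashes differ per user
var_dump(md5('correct horse') === md5('correct horse'));  // unsalted MD5 repeats
var_dump(login($pdo, 'ann@example.test', 'correct horse'));
var_dump(login($pdo, 'ann@example.test', 'wrong guess'));
```

Because the salt and cost travel inside the stored string, no separate salt column is needed, and `password_verify()` is the only way the hash is ever compared.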