I checked the passwords for the users against the DB.
What is faster, the MySQL MD5 function
... pwd = MD5('.$pwd.')
OR the PHP MD5 function
... pwd = '.md5($pwd).'
What is the right way between the two options?
If your application is only calcullating md5 when someone registers on your site, or is logging in, own many calls to md5 will you do per hour ? Couple of hundreds ? If so, I don't think the really small difference between PHP and MySQL will be significant at all.
The question should be more like "where do I put the fact that password are stored using md5" than "what makes me win almost nothing".
And, as a sidenote, another question could be : where can you afford to spend resources for that kind of calculations ? If you have 10 PHP servers and one DB server already under heavy load, you get your answer ;-)
But, just for fun :
mysql> select benchmark(1000000, md5('test'));
+---------------------------------+
| benchmark(1000000, md5('test')) |
+---------------------------------+
| 0 |
+---------------------------------+
1 row in set (2.24 sec)
And in PHP :
$before = microtime(true);
for ($i=0 ; $i<1000000 ; $i++) {
$a = md5('test');
}
$after = microtime(true);
echo ($after-$before) . "\n";
gives :
$ php ~/developpement/tests/temp/temp.php
3.3341760635376
But you probably won't be calculating a million md5 like this, will you ?
(And this has nothing to do with preventing SQL injections : just escape/quote your data ! always ! or use prepared statements)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With