473,396 Members | 2,002 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > how to use password() in php? syntax problem?

Join Bytes to post your question to a community of 473,396 software developers and data experts.

How to use Password() in PHP? Syntax problem?

Hello again.
I have tried to use password() in my login-script but it did not work.

My code is:

$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";

What is wrong in this?
And how should I write it?

Thanks for all help!

Karl
Sep 8 '08 #1
5 2566
On Mon, 08 Sep 2008 07:46:10 -0700, karlarneg wrote:
I have tried to use password() in my login-script but it did not work.
Why did it not work? Did you get an error message? What have you tried?
$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' "; $sql .= " AND pwd =
(PASSWORD( ' " . $_POST['pwd'] . " ' )) ";
Maybe it is the spaces within the '' which are the problem.
Sep 8 '08 #2
ka*******@gmail.com wrote:
Hello again.
I have tried to use password() in my login-script but it did not work.

My code is:

$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";

What is wrong in this?
And how should I write it?

Thanks for all help!

Karl
Karl,

A bigger question is - why are you storing web users in the MySQL user
table? That should be only for MySQL users - and your website users
should never have MySQL user id's.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 8 '08 #3
Jensen Somers wrote:
Jerry Stuckle wrote:
>ka*******@gmail.com wrote:
>>Hello again.
I have tried to use password() in my login-script but it did not work.

My code is:

$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";

What is wrong in this?
And how should I write it?

Thanks for all help!

Karl
Karl,

A bigger question is - why are you storing web users in the MySQL user
table? That should be only for MySQL users - and your website users
should never have MySQL user id's.

Who said he is using the MySQL users table? It's not because his users
table is also called users he is mixing it with the MySQL users table.
Yes, that's true. However, additionally, if he would have asked in the
correct newsgroup (PASSWORD is not a PHP function), he would have found
he shouldn't be using PASSWORD for encrypting user passwords.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 8 '08 #4
On 8 Sep, 18:46, Jerry Stuckle <jstuck...@attglobal.netwrote:
Jensen Somers wrote:
Jerry Stuckle wrote:
karlar...@gmail.com wrote:
Hello again.
I have tried to use password() in my login-script but it did not work..
>My code is:
>$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";
>What is wrong in this?
And how should I write it?
>Thanks for all help!
>Karl
Karl,
A bigger question is - why are you storing web users in the MySQL user
table? *That should be only for MySQL users - and your website users
should never have MySQL user id's.
Who said he is using the MySQL users table? It's not because his users
table is also called users he is mixing it with the MySQL users table.

Yes, that's true. *However, additionally, if he would have asked in the
correct newsgroup (PASSWORD is not a PHP function), he would have found
he shouldn't be using PASSWORD for encrypting user passwords.
I use md5 and sha1 instead of password(); Now I have the result I was
looking for:)

Now I have to find out how I can do the input sensitive!
I have to control that uppercase and lowercase are exactly written
into the field as it is stored in the database!

Thanks for all help and advice!

Karl
Sep 8 '08 #5
..oO(ka*******@gmail.com)
>I have tried to use password() in my login-script but it did not work.

My code is:

$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";
The $_POST['pwd'] variable has to be escaped as well! You should also
consider using sprintf() or prepared statements to create the query,
e.g.

$sql = "
SELECT ... -- you should explicitly list the columns to retrieve
FROM users
WHERE username = '%s'
AND pwd = PASSWORD('%s')
";
$query = sprintf($sql,
mysql_real_escape_string($_POST['username']),
mysql_real_escape_string($_POST['pwd'])
);

Micha
Sep 8 '08 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
PHP Password Based Upon The Hour
by: bunt4power | last post by:
I am in need of a way to password protect a directory with a generic password that changes with the date/time. The only problem is that I don't want to .htaccess or MYSQL - only PHP. Can...
PHP
5
I just ran /usr/bin/mysql_install_db and it told me to set a password for the MySQL root USER. I cannot.
by: MLH | last post by:
I'm supposed to set a password for the MySQL root user. The output of mysql_install_db instructed me to run the following commands... /usr/bin/mysqladmin -u root -h appserver password mynwewpasswd...
MySQL Database
6
encrypted password problem
by: Ian Davies | last post by:
Hello I would like to query the user table of the mysql database from my VB application to check that a user's password entered in a text field on a form corresponds to that users password in the...
MySQL Database
3
password field: Syntax error in INSERT INTO statement.
by: Neil Zanella | last post by:
Hello, I am trying to execute ADO.NET INSERT statement where one of the fields is coming from a password HTML control. When I access the text with password.Value and print with Response.Write...
ASP.NET
3
INSERT INTO...(password) syntax error
by: jinhy82 | last post by:
Hi! I am currently creating a Registration form which contained: UserID Password, FirstName and LastName. These details would be inserted into Ms Access when I click submi button. But I...
ASP.NET
2
Syntax for password protectd database...
by: Matthew Wells | last post by:
Hello, I have an ADO connection object connected to an external ms access password protected database. I am trying to execute a delete statement from that object on a table in my currentdb. ...
Microsoft Access / VBA
0
Authenticate user in OpenLDAP with username and password
by: dorrit.Riemenschneider | last post by:
I need to validate a user with username and password against our OpenLDAP active directory. This is my code: Private bool ValidateUser (string username, string password) { DirectoryEntry...
.NET Framework
2
Syntax error when using Password function in php and mysql
by: sharmilah | last post by:
I have the following code in my script and it's giving a syntax error at line *** when using the password function. My password in the mysql database is encrypted using the password function itself...
PHP
3
Shift Bypass Enable/Disable Password Protection
by: CanuckChuck | last post by:
I have a code for enabling a command button to password protect the enabling/disabling of the Shift bypass. For some reason though I keep recieving a syntax error when I try to use it. I copied the...
Microsoft Access / VBA
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!