By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,664 Members | 1,656 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,664 IT Pros & Developers. It's quick & easy.

How to use Password() in PHP? Syntax problem?

P: n/a
Hello again.
I have tried to use password() in my login-script but it did not work.

My code is:

$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";

What is wrong in this?
And how should I write it?

Thanks for all help!

Karl
Sep 8 '08 #1
Share this Question
Share on Google+
5 Replies


P: n/a
On Mon, 08 Sep 2008 07:46:10 -0700, karlarneg wrote:
I have tried to use password() in my login-script but it did not work.
Why did it not work? Did you get an error message? What have you tried?
$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' "; $sql .= " AND pwd =
(PASSWORD( ' " . $_POST['pwd'] . " ' )) ";
Maybe it is the spaces within the '' which are the problem.
Sep 8 '08 #2

P: n/a
ka*******@gmail.com wrote:
Hello again.
I have tried to use password() in my login-script but it did not work.

My code is:

$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";

What is wrong in this?
And how should I write it?

Thanks for all help!

Karl
Karl,

A bigger question is - why are you storing web users in the MySQL user
table? That should be only for MySQL users - and your website users
should never have MySQL user id's.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 8 '08 #3

P: n/a
Jensen Somers wrote:
Jerry Stuckle wrote:
>ka*******@gmail.com wrote:
>>Hello again.
I have tried to use password() in my login-script but it did not work.

My code is:

$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";

What is wrong in this?
And how should I write it?

Thanks for all help!

Karl
Karl,

A bigger question is - why are you storing web users in the MySQL user
table? That should be only for MySQL users - and your website users
should never have MySQL user id's.

Who said he is using the MySQL users table? It's not because his users
table is also called users he is mixing it with the MySQL users table.
Yes, that's true. However, additionally, if he would have asked in the
correct newsgroup (PASSWORD is not a PHP function), he would have found
he shouldn't be using PASSWORD for encrypting user passwords.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 8 '08 #4

P: n/a
On 8 Sep, 18:46, Jerry Stuckle <jstuck...@attglobal.netwrote:
Jensen Somers wrote:
Jerry Stuckle wrote:
karlar...@gmail.com wrote:
Hello again.
I have tried to use password() in my login-script but it did not work..
>My code is:
>$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";
>What is wrong in this?
And how should I write it?
>Thanks for all help!
>Karl
Karl,
A bigger question is - why are you storing web users in the MySQL user
table? *That should be only for MySQL users - and your website users
should never have MySQL user id's.
Who said he is using the MySQL users table? It's not because his users
table is also called users he is mixing it with the MySQL users table.

Yes, that's true. *However, additionally, if he would have asked in the
correct newsgroup (PASSWORD is not a PHP function), he would have found
he shouldn't be using PASSWORD for encrypting user passwords.
I use md5 and sha1 instead of password(); Now I have the result I was
looking for:)

Now I have to find out how I can do the input sensitive!
I have to control that uppercase and lowercase are exactly written
into the field as it is stored in the database!

Thanks for all help and advice!

Karl
Sep 8 '08 #5

P: n/a
..oO(ka*******@gmail.com)
>I have tried to use password() in my login-script but it did not work.

My code is:

$sql = "SELECT * FROM users";
$sql .= " WHERE username ='" .
mysql_real_escape_string($_POST['username']) . "' ";
$sql .= " AND pwd = (PASSWORD( ' " . $_POST['pwd'] . " ' )) ";
The $_POST['pwd'] variable has to be escaped as well! You should also
consider using sprintf() or prepared statements to create the query,
e.g.

$sql = "
SELECT ... -- you should explicitly list the columns to retrieve
FROM users
WHERE username = '%s'
AND pwd = PASSWORD('%s')
";
$query = sprintf($sql,
mysql_real_escape_string($_POST['username']),
mysql_real_escape_string($_POST['pwd'])
);

Micha
Sep 8 '08 #6

This discussion thread is closed

Replies have been disabled for this discussion.