By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,614 Members | 1,653 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,614 IT Pros & Developers. It's quick & easy.

could i ask how to encrypt a password when it submits to the database?

Paul NIcolai Sunga
P: 43
.i need your help guys,. thanks, i just want to know how to encrypt the password that have been submit to the database.

/* $lik refers to the database linked, i assumed that the database has been connected */

Expand|Select|Wrap|Line Numbers
  1. <?Php
  2.  
  3. $uname = $_POST['unametxtbox'];
  4. $pwd = $_POST['pwdtxtbox'];
  5.  
  6. $query = mysqli_query($link, "Insert into user_tbl(username, password) values('$uname', '$pwd');
  7.  
  8. ?>

where should i put the crypt object here in my codes?

thanks,
Oct 5 '08 #1
Share this Question
Share on Google+
3 Replies


Markus
Expert 5K+
P: 6,050
Hey, Paul.

First things first, you've been on the forums for long enough to know that when you submit code you wrap it with [code] tags. Remember this or there shall be further action taken.

Second, when you insert data into a database, you should always assume it's corrupt data, ie. always escape the data to clear out any possibilities of mysql_injection. Please read the tutorial on this; it will show you how to escape your POST values (and GET).

Now onto your question.

I would crypt() the data as you're inserting it. This way, the original is left readable and you can use it for other stuff.

Expand|Select|Wrap|Line Numbers
  1. <?Php
  2.  
  3. $uname = $_POST['unametxtbox']; // ESCAPE THESE!
  4. $pwd = $_POST['pwdtxtbox']; // ESCAPE THESE!
  5.  
  6. $query = mysqli_query($link, "Insert into user_tbl(username, password) values('$uname', 'crypt($pwd)');
  7.  
  8. ?>
Oct 5 '08 #2

100+
P: 258
The most common commands programmers use on PHP to store users passwords on database is MD5 and SHA1.
I usualy use MD5 , It changes the password to a 32 bit code which is not reversable BUT after discussing with one of the moderators of this forum (Atli) I realized that SHA1 is safer to use.

What you can do is that you use MD5 or SHA1 before you put the password in your database like this :

Expand|Select|Wrap|Line Numbers
  1. MD5($password);
  2.  
  3. // OR
  4.  
  5. SHA1($password);
  6.  
And next time the user enters password you use these functions again before comparing the users input with your database.

Note : The result of these two functions are not the same

Hope this helps you
Oct 5 '08 #3

Paul NIcolai Sunga
P: 43
The most common commands programmers use on PHP to store users passwords on database is MD5 and SHA1.
I usualy use MD5 , It changes the password to a 32 bit code which is not reversable BUT after discussing with one of the moderators of this forum (Atli) I realized that SHA1 is safer to use.

What you can do is that you use MD5 or SHA1 before you put the password in your database like this :

Expand|Select|Wrap|Line Numbers
  1. MD5($password);
  2.  
  3. // OR
  4.  
  5. SHA1($password);
  6.  
And next time the user enters password you use these functions again before comparing the users input with your database.

Note : The result of these two functions are not the same

Hope this helps you









thankz very much indeed!!!






regards,




paul nicolai sunga
Oct 11 '08 #4

Post your reply

Sign in to post your reply or Sign up for a free account.