how to hide (encrypt) password in table ?

Please give me an example. It's my code, but it shows the password in the table.

    -- TABLE CREATION

    CREATE TABLE `test`.`pass_test` (
    `user_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
    `passwd` VARCHAR( 40 ) NOT NULL
    ) ;

    <?php

    //PHP CODE

    if(isset($_POST['submit']))
    {
        $conn= mysql_connect("localhost","root","");
        if ($conn)
        {
            $password=$_POST['password'];
            mysql_query("insert into `test`.`pass_test` set
            `passwd`='$password'")or die("error");

        }
    }
    ?>

//HTML CODE...

    <html>
    <body>
    <form name="first" method="post" action="">
    <input type="password" name="password" />
    <input type="submit" name="submit" value="Submit" />
    </form>
    </body>
    </html>
Apr 1 '12 #1

✓ answered by PsychoCoder

PsychoCoder
465 Expert Mod 256MB
If you look at this line, you're not encrypting anything, just adding it to the database:

    `passwd`='$password'"

I would use md5 to encrypt it before sending it to the database:

    `passwd`='" . md5($password) . "'"

NOTE: You are adding data from the users without cleaning it or anything, making it wide open for SQL injection attacks and more. I would sanitize the data using mysql_real_escape_string.
Apr 1 '12 #2
Thanks, thank you very much.
Apr 1 '12 #3
Use base64_encode($password) to encrypt and use base64_decode to get the real password string.

When you use the base64_encode() function you will get an encrypted password string to store in the table, then no one gets any idea what your password is. And when you want to retrieve your original password, use base64_decode().

If you use MD5(), then in future you will not have any chance to retrieve your original password...

Bharat Parmar(Bharat383)
Apr 16 '12 #4
Rabbit
12,516 Expert Mod 8TB
Never use a reversible encryption to store passwords. Use the MD5 hash. There is no reason to ever need to retrieve the original password.
Apr 16 '12 #5
johny10151981
1,059 1GB
Agreed with Guru Rabbit.
To Bharat:
The purpose of a secure password is not to get stolen. What if somehow someone stole the entire database? It can happen. What if the engineer takes a copy of the table with him when he leaves the company? He has all the user names and passwords.

To PsychoCoder: which one would be better, using the MD5 function or using the PASSWORD function? What is the difference?
Apr 17 '12 #6
Dormilich
8,658 Expert Mod 8TB
which one should be better using MD5 function or using PASSWORD function? what is difference?
(though I’m not PsychoCoder)

Neither. PASSWORD() is an internal MySQL function for account management while MD5() is insecure (you can easily find a collision). I would recommend RIPEMD160, SHA256 or Whirlpool coupled with an HMAC salt (cf. hash_hmac()).
Apr 17 '12 #7
johny10151981
1,059 1GB
This is interesting, I would take a closer look at it.
Apr 17 '12 #8
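
One way to act on the two points raised in the replies above (store a one-way hash, keep user input out of the SQL text), as an added example that is not code from any poster in this thread. It swaps in PHP's built-in password_hash()/password_verify() for the MD5 and HMAC constructions named above and PDO prepared statements for mysql_real_escape_string; PHP 7 or later, the in-memory SQLite database, and the function names register_user and check_login are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for the
// MySQL `test`.`pass_test` table so the script runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// passwd is wider than the question's VARCHAR(40): a bcrypt hash is 60
// characters, and the PHP manual suggests 255 to leave room for other algorithms.
$db->exec('CREATE TABLE pass_test (
    user_id INTEGER PRIMARY KEY AUTOINCREMENT,
    passwd  VARCHAR(255) NOT NULL
)');

// Hypothetical helper: store only a salted, slow, one-way hash. The random
// salt is generated by password_hash() and embedded in the string it returns.
function register_user(PDO $db, string $password): int
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO pass_test (passwd) VALUES (:passwd)');
    $stmt->execute([':passwd' => $hash]);
    return (int) $db->lastInsertId();
}

// Hypothetical helper: password_verify() re-hashes the candidate with the
// embedded salt and compares the result in a timing-safe way.
function check_login(PDO $db, int $userId, string $password): bool
{
    $stmt = $db->prepare('SELECT passwd FROM pass_test WHERE user_id = :id');
    $stmt->execute([':id' => $userId]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false; // unknown user or wrong password
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE pass_test SET passwd = :h WHERE user_id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $userId]);
    }
    return true;
}

// Constructed sample input; the quote character is stored safely via the bound parameter.
$secret = "o'brien-2012";
$id = register_user($db, $secret);
$stored = $db->query('SELECT passwd FROM pass_test')->fetchColumn();
var_dump(strlen($stored) > 40);               // would the old 40-char column have truncated it?
var_dump(check_login($db, $id, $secret));     // correct password
var_dump(check_login($db, $id, 'wrong guess')); // incorrect password
```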
