
How to hide (encrypt) password in table?

P: 6
Please give me an example. It's my code, but it shows the password in the table.

    -- TABLE CREATION

    CREATE TABLE `test`.`pass_test` (
    `user_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
    `passwd` VARCHAR( 40 ) NOT NULL
    ) ;

    <?php

    // PHP CODE

    if (isset($_POST['submit']))
    {
        $conn = mysql_connect("localhost", "root", "");
        if ($conn)
        {
            // The form value is stored exactly as typed and is placed
            // straight into the SQL string.
            $password = $_POST['password'];
            mysql_query("insert into `test`.`pass_test` set
            `passwd`='$password'") or die("error");
        }
    }
    ?>

//HTML CODE...

    <html>
    <body>
    <form name="first" method="post" action="">
    <input type="password" name="password" />
    <input type="submit" name="submit" value="Submit" />
    </form>
    </body>
    </html>
Apr 1 '12 #1

PsychoCoder
Expert Mod 100+
P: 465
If you look at this line, you're not encrypting anything, just adding it to the database:

    `passwd`='$password'"

I would use md5 to encrypt it before sending it to the database:

    `passwd`=md5('$password')"

NOTE: You're adding data from the users without cleaning it or anything, making it wide open for SQL injection attacks and more. I would sanitize the data using mysql_real_escape_string.
Apr 1 '12 #2

P: 6
Thanks, thank you very much.
Apr 1 '12 #3

P: 93
Use base64_encode($password) to encrypt, and use base64_decode to get the real password string.

When you use the base64_encode() function you will get an encrypted password string stored in the table, then no one gets any idea what your password is. And when you want to retrieve your original password, use base64_decode().

If you use MD5(), then in future you will not have any chance to retrieve your original password...

Bharat Parmar(Bharat383)
Apr 16 '12 #4

Rabbit
Expert Mod 10K+
P: 12,347
Never use a reversible encryption to store passwords. Use the MD5 hash. There is no reason to ever need to retrieve the original password.
Apr 16 '12 #5

100+
P: 1,059
Agreed with Guru Rabbit.
To Bharat:
The purpose of a secure password is not to get stolen. What if somehow someone stole the entire database? It can happen. What if the engineer takes a copy of the table with him when he leaves the company? He has all the user names and passwords.

To PsychoCoder: which one would be better, using the MD5 function or using the PASSWORD function? What is the difference?
Apr 17 '12 #6

Dormilich
Expert Mod 5K+
P: 8,639
"Which one would be better, using the MD5 function or using the PASSWORD function? What is the difference?"
(though I'm not PsychoCoder)

Neither. PASSWORD() is an internal MySQL function for account management, while MD5() is insecure (you can easily find a collision). I would recommend RIPEMD160, SHA256 or Whirlpool coupled with an HMAC salt (cf. hash_hmac()).
Apr 17 '12 #7

100+
P: 1,059
This is interesting, I would take a closer look at it.
Apr 17 '12 #8
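
Added example (not part of any post in the thread): storing a password as a salted hash and checking a login without ever recovering the original, using PHP's password_hash()/password_verify() and a PDO prepared statement in place of the md5() and mysql_real_escape_string() calls named above. The SQLite in-memory database, the widened `passwd` column, and the function names `store_password` and `check_password` are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.5+ with pdo_sqlite;
// the in-memory table stands in for `test`.`pass_test`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_hash() output does not fit VARCHAR(40), so the column is widened.
$db->exec('CREATE TABLE pass_test (
    user_id INTEGER PRIMARY KEY AUTOINCREMENT,
    passwd  VARCHAR(255) NOT NULL
)');

/** Store a salted, slow hash of the password; returns the new user_id. */
function store_password(PDO $db, $password)
{
    // password_hash() generates a random salt and embeds it in its output.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // The placeholder keeps the submitted value out of the SQL text.
    $stmt = $db->prepare('INSERT INTO pass_test (passwd) VALUES (:passwd)');
    $stmt->execute(array(':passwd' => $hash));
    return (int) $db->lastInsertId();
}

/** Check a login attempt against the hash stored for one user. */
function check_password(PDO $db, $userId, $attempt)
{
    $stmt = $db->prepare('SELECT passwd FROM pass_test WHERE user_id = :id');
    $stmt->execute(array(':id' => $userId));
    $stored = $stmt->fetchColumn();
    // password_verify() re-hashes the attempt with the stored salt; the
    // original password is never recovered from the table.
    return $stored !== false && password_verify($attempt, $stored);
}

// Constructed sample password; the apostrophe would break the
// string-built INSERT in the question.
$sample = "it's-a-secret";
$first  = store_password($db, $sample);
$second = store_password($db, $sample);

$rows = $db->query('SELECT passwd FROM pass_test ORDER BY user_id')
           ->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows[0] !== $sample);    // is the stored value different from the plaintext?
var_dump($rows[0] !== $rows[1]);   // do two users with one password get different rows?
var_dump(check_password($db, $first, $sample));   // correct password
var_dump(check_password($db, $second, 'wrong'));  // wrong password
```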
