Hey
I'm not sure if this it the correct place to post this but if not then feel free to move it.
I've created a mysql table to store user names and password and am trying to create a log in page which checks the username and passwords are valid.
I used this sql to create the table "create table users (first_name varchar(25) not null, last_name varchar(25) not null, username varchar(20) unique, password varchar(16);"
However when I try to insert data into the table using "insert into users (first_name, last_name, username, password) values ("jack", "jones", "jack", password("jack"));" it says there is a warning. It's something to do with the password because when you view the table the password is stored as a 15 character string with a "*" at the start.
Does anyone know what I'm doing wrong?
mysql password warning
Moderator: General Moderators
Re: mysql password warning
I'm too lazy:
What does the warning say?
What does the warning say?
Re: mysql password warning
im not sure if that is the exact code you used, but you missed a paren at the end of the create table after varchar(16) should be varchar(16));
but i feel like you should have got an error when creating the table in that case.
but i feel like you should have got an error when creating the table in that case.
Re: mysql password warning
Thats a good point, how to a get mysql to display the warnings? I asked someone else and they said that the password function shouldn't be used by other applications. Does this mean I should forget the password() function and just store users passwords as text?
-
minorDemocritus
- Forum Commoner
- Posts: 96
- Joined: Thu Apr 01, 2010 7:28 pm
- Location: Chicagoland, IL, USA
Re: mysql password warning
To display the error message that MySQL returns, use mysql_error(). Example:
The function returns a string containing the error from the last MySQL function that ran.
phpMyAdmin is very useful for debugging MySQL queries. The 'SQL' tab allows you to run queries directly, and gives you the error message.
As for the password function, I've never used it. I just store the hash of the password, after salting it for more security:
Code: Select all
$query = "SELECT * FROM `table` WHERE 1";
$result = mysql_query($query);
echo mysql_error();phpMyAdmin is very useful for debugging MySQL queries. The 'SQL' tab allows you to run queries directly, and gives you the error message.
As for the password function, I've never used it. I just store the hash of the password, after salting it for more security:
Code: Select all
$username = 'dummyuser';
$salt1 = '#jS7';
$salt2 = 's3N&';
$password = 'secret';
$token = sha1($salt1 . $password . $salt2);
$query = sprintf("INSERT INTO `users` (username,passhash) VALUES ('%s','%s')",
mysql_real_escape_string($username),
mysql_real_escape_string($token)
);Re: mysql password warning
In my opinion it should be OK to share the password function between php and mysql because both are running on the server side. But that might be a better question for the security forum.