mysql password warning

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
c_pattle
Forum Newbie
Posts: 9
Joined: Sat Apr 24, 2010 7:35 am

mysql password warning

Post by c_pattle »

Hey

I'm not sure if this it the correct place to post this but if not then feel free to move it.

I've created a mysql table to store user names and password and am trying to create a log in page which checks the username and passwords are valid.

I used this sql to create the table "create table users (first_name varchar(25) not null, last_name varchar(25) not null, username varchar(20) unique, password varchar(16);"

However when I try to insert data into the table using "insert into users (first_name, last_name, username, password) values ("jack", "jones", "jack", password("jack"));" it says there is a warning. It's something to do with the password because when you view the table the password is stored as a 15 character string with a "*" at the start.

Does anyone know what I'm doing wrong?
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: mysql password warning

Post by requinix »

I'm too lazy:

What does the warning say?
rnoack
Forum Commoner
Posts: 34
Joined: Mon May 03, 2010 12:38 am

Re: mysql password warning

Post by rnoack »

im not sure if that is the exact code you used, but you missed a paren at the end of the create table after varchar(16) should be varchar(16));
but i feel like you should have got an error when creating the table in that case.
c_pattle
Forum Newbie
Posts: 9
Joined: Sat Apr 24, 2010 7:35 am

Re: mysql password warning

Post by c_pattle »

Thats a good point, how to a get mysql to display the warnings? I asked someone else and they said that the password function shouldn't be used by other applications. Does this mean I should forget the password() function and just store users passwords as text?
minorDemocritus
Forum Commoner
Posts: 96
Joined: Thu Apr 01, 2010 7:28 pm
Location: Chicagoland, IL, USA

Re: mysql password warning

Post by minorDemocritus »

To display the error message that MySQL returns, use mysql_error(). Example:

Code: Select all

$query = "SELECT * FROM `table` WHERE 1";
$result = mysql_query($query);
echo mysql_error();
The function returns a string containing the error from the last MySQL function that ran.

phpMyAdmin is very useful for debugging MySQL queries. The 'SQL' tab allows you to run queries directly, and gives you the error message.

As for the password function, I've never used it. I just store the hash of the password, after salting it for more security:

Code: Select all

$username = 'dummyuser';
$salt1 = '#jS7';
$salt2 = 's3N&';
$password = 'secret';
$token = sha1($salt1 . $password . $salt2);
$query = sprintf("INSERT INTO `users` (username,passhash) VALUES ('%s','%s')",
    mysql_real_escape_string($username),
    mysql_real_escape_string($token)
);
rnoack
Forum Commoner
Posts: 34
Joined: Mon May 03, 2010 12:38 am

Re: mysql password warning

Post by rnoack »

In my opinion it should be OK to share the password function between php and mysql because both are running on the server side. But that might be a better question for the security forum.
Post Reply