Page 1 of 1

MD5 function in MYSQL Help

Posted: Wed Apr 30, 2008 10:35 pm
by jurklins
Hey guys, i am trying to have a php authentication login that check into the database:

Code: Select all

 
$web_username=$_SERVER['PHP_AUTH_USER'];
$web_password=$_SERVER['PHP_AUTH_PW'];
require_once('db-connect.php');
$query="select username,password from users where username like '";
$query1=$web_username."' and password=MD5('".$web_password."')";
$query=$query.$query1;
echo $query."<br/>";
$result=$connection->query($query);
 
from the echo query, this is the result:
select username,password from users where username like 'abcUserName' and password=MD5('abcPassword')


but it doesn't seem to work this way in mysql. Any comments??

Re: MD5 function in MYSQL Help

Posted: Thu May 01, 2008 1:14 am
by s.dot
Just md5() the password in PHP.

Re: MD5 function in MYSQL Help

Posted: Thu May 01, 2008 3:15 am
by onion2k
What do you mean by "it doesn't seem to work this way in mysql"? Your SQL looks ok to me.

Re: MD5 function in MYSQL Help

Posted: Thu May 01, 2008 11:26 am
by jurklins
it should return 1 row where it didnt.....

Re: MD5 function in MYSQL Help

Posted: Thu May 01, 2008 11:29 am
by pickle
Are the passwords hashed in the DB?

The query looks fine, it may not be asking of your DB what you think it is.

Re: MD5 function in MYSQL Help

Posted: Thu May 01, 2008 12:49 pm
by Mordred
1. Use mysql_real_escape_string() on both values.
2. Don't use LIKE, use =
3. What does phpMyAdmin say if you do the same query?

Re: MD5 function in MYSQL Help

Posted: Fri May 02, 2008 2:31 pm
by jurklins
No idea what is going on .. But i drop the table and create it back. It seems to work now. By the way what should be the data type of password? Is varchar or char arite?

Re: MD5 function in MYSQL Help

Posted: Fri May 02, 2008 2:33 pm
by jurklins
ya .. the tutorial that i am following is also using "=" instead of "like" . Why is it bettter though? Never really understand what all these sqlinjection does