could i ask how to encrypt a password when it submits to the database?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Paul NIcolai Sunga
    New Member
    • Mar 2008
    • 43
    #1

    could i ask how to encrypt a password when it submits to the database?

    .i need your help guys,. thanks, i just want to know how to encrypt the password that have been submit to the database.

    /* $lik refers to the database linked, i assumed that the database has been connected */

    Code:
    <?Php

$uname = $_POST['unametxtbox'];
$pwd = $_POST['pwdtxtbox'];

$query = mysqli_query($link, "Insert into user_tbl(username, password) values('$uname', '$pwd');

?>

    where should i put the crypt object here in my codes?

    thanks,
    Last edited by Markus; Oct 5 '08, 11:06 AM. Reason: added [code] tags
    Tags: None
    • Markus
      Recognized Expert Expert
      • Jun 2007
      • 6092
      #2
      Hey, Paul.

      First things first, you've been on the forums for long enough to know that when you submit code you wrap it with [code] tags. Remember this or there shall be further action taken.

      Second, when you insert data into a database, you should always assume it's corrupt data, ie. always escape the data to clear out any possibilities of mysql_injection. Please read the tutorial on this; it will show you how to escape your POST values (and GET).

      Now onto your question.

      I would crypt() the data as you're inserting it. This way, the original is left readable and you can use it for other stuff.

      Code:
      <?Php
 
$uname = $_POST['unametxtbox']; // ESCAPE THESE!
$pwd = $_POST['pwdtxtbox']; // ESCAPE THESE!
 
$query = mysqli_query($link, "Insert into user_tbl(username, password) values('$uname', 'crypt($pwd)');
 
?>
      Last edited by Markus; Oct 5 '08, 11:17 AM. Reason: silly me forgot code tags

        Comment

        • bnashenas1984
          Contributor
          • Sep 2007
          • 257
          #3
          The most common commands programmers use on PHP to store users passwords on database is MD5 and SHA1.
          I usualy use MD5 , It changes the password to a 32 bit code which is not reversable BUT after discussing with one of the moderators of this forum (Atli) I realized that SHA1 is safer to use.

          What you can do is that you use MD5 or SHA1 before you put the password in your database like this :

          Code:
          MD5($password);

// OR

SHA1($password);
          And next time the user enters password you use these functions again before comparing the users input with your database.

          Note : The result of these two functions are not the same

          Hope this helps you

            Comment

            • Paul NIcolai Sunga
              New Member
              • Mar 2008
              • 43
              #4
              Originally posted by bnashenas1984
              The most common commands programmers use on PHP to store users passwords on database is MD5 and SHA1.
              I usualy use MD5 , It changes the password to a 32 bit code which is not reversable BUT after discussing with one of the moderators of this forum (Atli) I realized that SHA1 is safer to use.

              What you can do is that you use MD5 or SHA1 before you put the password in your database like this :

              Code:
              MD5($password);

// OR

SHA1($password);
              And next time the user enters password you use these functions again before comparing the users input with your database.

              Note : The result of these two functions are not the same

              Hope this helps you









              thankz very much indeed!!!






              regards,




              paul nicolai sunga

                Comment

                Previous template Next
                Working...