sql - Simple encryption technique for MySQL using PHP -

-

How can I encrypt a user password?

Please understand from the beginning. I already have this sample code: 

  $ password = "john856"; $ Encrypt_password = MD5 ($ password); Echo $ encrypt_password;

How do I include it in my existing code, which does not do any encryption? 

  & lt; Php $ con = mysql_connect ("localhost", "root", ""); If (! $ Con) {dead ('Could not connect:' Mysql_error ()); } Mysql_select_db ("Coro", $ Conn); $ Sql ​​= "Username (name, FNAME, MNAME, UNAME, PW) value ('$ _POST [Lneym]', '$ _POST [Fneym]', '$ _POST [Mneym]', '$ _POST [unm ] ',' $ _POST [pass] ') "; If (! Mysql_query ($ sql, $ con)) {dead ('error:' mysql_error ()); } Echo "& lt; script> warnings ('user added! You can now use the system.') "; MySql_close ($ Conn)? & Gt;

Let me start with another important point:

Never enter $ 1 _POST variables directly into the query, this makes you very weak.

You should walk at least on each form value, including: 

  $ Lneym = $ _POST ["lunem"]; $ Lneym_halfway_safe = mysql_real_escape_string ($ Lneym); ... $ sql = "Include values ​​in the user (name, FNAME, MNAME, UNAME, PW) ('$ Lneym_halfway_safe',

You can still include md5 () directly Can be removed:

$ PW = md5 ($ _ POST ["PW"]); // no escape_ string () is not required here, // md5 checksum is protected

and then enter '$ PW' for the password area.

The best part is that the database will be used as a class, its parametric Queries automatically run SQL Inject May help you in preventing the problem. Maybe you help.

Seeing that you are not able to add md5 () to your code (no personal criticism, we all Once it started there) I recommend you to read that copying the important security features of a web platform on the fundamentals of programming is extremely dangerous and it is likely to end in tears.


Comments

Post a Comment

Popular posts from this blog

oracle - The fastest way to check if some records in a database table? -

-
I have a big table to work with. I have to see that there are some records whose parent_id is equal to my passing value. Currently I do this by implementing "my_table using select count (*) where parent_id =: id"; If the result> 0, it means that they exist. Because this is a very large table, and I do not care what the actual number of records present, I just want to know if it exists, so I think count (*) Bit is disabled. How do I apply this requirement most quickly? I'm using Oracle 10. # Tips for Hibernation & amp; Tricks It suggests writing in such a way: Integer number = (integer) session .createQuery ("Select Count (*) to ...."). UniqueResult (); I do not know what is the magic of the unique rule? Why does it fast? To compare, select "1 from mytable where parent_id = passId and rowrum", which is more efficient? If you are not interested in the number of records, then there is an EXISTS query one: Select 'y'
Read more

php - multilevel menu with multilevel array -

-
Just ask someone to solve this problem? I want to create a multilevel menu I can not find the right solution generated with multilevel array, it always gets an array_push error My study came from the original idea But still my Can not match the need. This is my MySQL [code] ----- --------------------- --------------- | ID | PARENT_ID | Name | Link | Seq | 1 | 0 | Dashboad | Dashboard / | 1 | 2 | 0 | Menu 1 | Menu 1 / | 2 | 3 | 0 | Menu 2 | Menu 2 / | 3 | 4 | 0 | Menu 3 | Menu 3 / | 4 | 5 | 2 | Joint Add / | 1 | 6 | 3 | Joint Add / | 1 | 7 | 2 | Edit | Edit / | 2 | 8 | 4 | Joint Add / | 1 ------------------------------------------ [/ Code] I want to do something like this in my array array ('dashboard' = & gt; array ('id' = & gt; '' 'Dame' = & gt; 'Dashboard', 'Title' = & gt; 'Dashboard', 'MatchMin' = & gt; Base_URL (). 'Dashboard /', 'Active' => = & Gt; NULL), &
Read more

jQuery UI: Datepicker month format -

-
I am trying to change the format of the month that shows in the popup (not in the date that the picker actually I do not have any choice anywhere to do this, do I like to use a sub-string () or something else? What I normally display is Trying to change: Class = "ui-datepicker-title"> January & lt; / span & gt; ... & lt; / div & gt; Div>
Read more