RES: [PHP] Installing PHP

Thanks for the help, people. Problem solved. -Mensagem original- De: Alejandro Michelin Salomon (Hotmail) [mailto:amichel...@hotmail.com] Enviada em: quarta-feira, 21 de setembro de 2011 00:07 Para: 'Mateus Almeida' Cc: php-general@lists.php.net Assunto: RES: [PHP] Installing PHP Mateus

[PHP] Escaping MySQL passwords necessary when md5 is used?

I have an application in which the password is stored in the database as md5(md5('passWord').'userSpecificSalt'). I'm checking the password entered with: $password=md5( md5('$_POST['password']').'userSpecificSalt' ); $query="SELECT id FROM table WHERE password='{$password}'"; Now I'm a bit queas

Re: [PHP] Escaping MySQL passwords necessary when md5 is used?

On Wed, Sep 21, 2011 at 13:53, Dotan Cohen wrote: > I have an application in which the password is stored in the database > as md5(md5('passWord').'userSpecificSalt'). I'm checking the password > entered with: > $password=md5(  md5('$_POST['password']').'userSpecificSalt'  ); > $query="SELECT id F

Re: [PHP] Escaping MySQL passwords necessary when md5 is used?

If you're converting the input data in a md5 hash has no reason to scape it. Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar On Wed, Sep 21, 2011 at 2:53 PM, Dotan Cohen wrote: > I ha

Re: [PHP] Escaping MySQL passwords necessary when md5 is used?

On Wed, Sep 21, 2011 at 21:03, Daniel Brown wrote: >    It never hurts to be overly cautious, but as MD5 hashes are > strictly alphanumeric (using hex characters), you won't have an issue > with injection with the code above.  That is, of course, unless your > version of PHP is rebuilt without MD5

Re: [PHP] Escaping MySQL passwords necessary when md5 is used?

Thanks Igor. I will sleep peacefully this night! -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Escaping MySQL passwords necessary when md5 is used?

On Wed, Sep 21, 2011 at 15:32, Dotan Cohen wrote: > > The rebuild without md5 is an interesting point. That sounds exactly > like the type of it-will-never-happen-until-it-happens-to-me problems! > Thanks for the heads up. I should've specified, though, that then you would simply have the fat

Re: [PHP] Escaping MySQL passwords necessary when md5 is used?

On Wed, Sep 21, 2011 at 22:36, Daniel Brown wrote: >    I should've specified, though, that then you would simply have the > fatal error message (call to undefined function) pass through, not the > unhashed original text. > Yes, that is obvious. -- Dotan Cohen http://gibberish.co.il http://wh