2009/2/9 Michael Kubler <mdkknd@xxxxxxxxx>:
> These days SHA should really be used instead of MD5, and you should be
> SALTing the password as well.
> Here's a great guide : http://phpsec.org/articles/2005/password-hashing.html

Good advice. I would also advise against stripping and trimming
anything from passwords. By removing characters you're significantly
reducing the number of possible passwords.

-Stuart

> Jan G.B. wrote:
>>
>> 2009/2/9 Andrew Williams <andrew4williams@xxxxxxxxx>:
>>
>>>
>>> Can somebody help out on how to validate user password from the
>>> database?
>>>
>>
>> There are several possibilities. This would be one.
>> <?php
>> $query = 'SELECT 1 from `usertable` where `name` = "' .
>> mysql_real_escape_string(STRIPPED_AND_TRIMMED_REQUEST_VAR_HERE)
>> . '" AND `pass` = md5("' .
>> mysql_real_escape_string(STRIPPED_AND_TRIMMED_REQUEST_VAR_HERE) .
>> '");';
>> ?>

--
http://stut.net/
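
An added example, not code from anyone in the thread: one way to apply the advice above in current PHP, with bound parameters in place of string concatenation and `password_hash()`/`password_verify()`, which salt each password and use a slow hash rather than a single SHA round. The table and column names follow the quoted query; the in-memory SQLite database, the accounts and the sample password are constructed for illustration.

```php
<?php
// Added example. Assumes the pdo_sqlite extension; all data is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usertable (name TEXT PRIMARY KEY, pass TEXT NOT NULL)');

function register(PDO $db, string $name, string $password): void
{
    // password_hash() picks a random per-user salt and stores it, together
    // with the algorithm and cost, inside the returned string.
    $stmt = $db->prepare('INSERT INTO usertable (name, pass) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

function verify(PDO $db, string $name, string $password): bool
{
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT pass FROM usertable WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    // The check runs in PHP because the salt lives in the stored hash.
    // The password is used exactly as typed: no trim(), no strip_tags().
    return is_string($hash) && password_verify($password, $hash);
}

$typed = ' <b>tr0ub4dor</b> ';      // constructed sample password
register($db, 'alice', $typed);
register($db, "o'brien", $typed);   // quote in the name is plain data

// Same password for two users, yet the stored values differ (salting).
$stored = $db->query('SELECT pass FROM usertable')->fetchAll(PDO::FETCH_COLUMN);
echo 'stored hashes differ: ', var_export($stored[0] !== $stored[1], true), "\n";

// The exact password verifies; its stripped and trimmed form does not.
echo 'exact password:    ', var_export(verify($db, 'alice', $typed), true), "\n";
echo 'stripped password: ',
    var_export(verify($db, 'alice', trim(strip_tags($typed))), true), "\n";

// Stripping before hashing would make two different passwords equivalent,
// which is the reduction in possible passwords described in the reply.
echo 'collide after stripping: ',
    var_export(trim(strip_tags($typed)) === trim(strip_tags('tr0ub4dor')), true), "\n";
```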