On Wed, Jul 8, 2009 at 9:48 AM, Martin Scotta<martinscotta@xxxxxxxxx> wrote: > $sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\' > and passwd = md5( concat( \'' . $username .'\', \'@\', \'' . $password > .'\'))'; > > I use this solution because md5 run faster in Mysql > > > > > -- > Martin Scotta > If you were running a loop to build a rainbow table or brute-force a password, I could see where that would matter. For authenticating a single user it seems like premature optimization to me. On my development machine, where PHP runs slow inside of the IDE, the average time to perform an md5 hash on a text string of 38 characters (much longer than most passwords) over 10000 iterations is around 0.00085 seconds. I can live with that. :-) I still like handling the encryption in PHP and then passing the encrypted value to the database for storage/comparison. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
