Escaping MySQL passwords necessary when md5 is used?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have an application in which the password is stored in the database
as md5(md5('passWord').'userSpecificSalt'). I'm checking the password
entered with:
$password=md5(  md5('$_POST['password']').'userSpecificSalt'  );
$query="SELECT id FROM table WHERE password='{$password}'";

Now I'm a bit queasy about not using mysql_real_escape_string() on
that $password variable! Please reassure me or tell me the folly of my
ways. Thanks!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux