If you're converting the input data in a md5 hash has no reason to scape it. Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar <http://www.twitter.com/igorescobar> On Wed, Sep 21, 2011 at 2:53 PM, Dotan Cohen <dotancohen@xxxxxxxxx> wrote: > I have an application in which the password is stored in the database > as md5(md5('passWord').'userSpecificSalt'). I'm checking the password > entered with: > $password=md5( md5('$_POST['password']').'userSpecificSalt' ); > $query="SELECT id FROM table WHERE password='{$password}'"; > > Now I'm a bit queasy about not using mysql_real_escape_string() on > that $password variable! Please reassure me or tell me the folly of my > ways. Thanks! > > -- > Dotan Cohen > > http://gibberish.co.il > http://what-is-what.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
