Re: PHP to md5 the $var before it reaches MySQL's gen query log

"bedul" <landavia81@xxxxxxxxx> · Sat, 12 May 2007 17:58:50 +0700

username BLOB NOT NULL default '',
password BLOB NOT NULL default '',

do you try
username varchar 50,
password varchar 50??

i'm just ask..
sry, hope that's can solve your problem

----- Original Message -----
From: "Chetan Graham" <chetan_graham@xxxxxxxxxxxxxx>
To: <php-db@xxxxxxxxxxxxx>
Sent: Saturday, May 12, 2007 4:28 PM
Subject:  PHP to md5 the $var before it reaches MySQL's gen query
log

> Greetings to All,
> I am having difficulty in 'md5'ing a $var in a function before it is
> placed into the ("INSERT INTO table...
>
> The whole point is I don't want the MySQL DB logs showing my $var's
> password and username 'before' it is encrypted by MySQL's md5.
>
> When MySQL receives PHP's encrypted $var the log shows query INSERT with
> the 32 bits but it is not inserted into the DB.
>
> MySQL will not accept the $var's in the code that is commented out.
> It shows no errors by the way.
> MySQL accepts what is shown, but this is not as I explained what I want.
> Thanks In Advance,
> Chetan
>
>  mysql_query("CREATE TABLE IF NOT EXISTS docproedit (
>               id int(11) NOT NULL auto_increment,
>               username BLOB NOT NULL default '',
>               password BLOB NOT NULL default '',
>               TimeEnter timestamp,
>               PRIMARY KEY (id)
>                )
>               ENGINE=MyISAM;")or die('Create Died' . mysql_error());
>
>
> <?php
> $db_server='localhost';
> $db_user='root';
> $db_pass='somepassword';
> $db_name='aims site';
> $tbl_name='docproedit';
> $con = mysql_connect($db_server,$db_user,$db_pass) or die(mysql_error());
> $q=mysql_select_db($db_name, $con) or die(mysql_error());
>
> function addNewUser($username,$password){
> global $q;
> global $tbl_name;
> global $con;
> //$user=md5($username);
> //$pass=md5($password);
> //mysql_query("INSERT INTO $tbl_name
> (username,password)VALUES('$user'),('$pass')");
> $user=$username;
> $pass=$password;
> mysql_query("INSERT INTO $tbl_name
> (username,password)VALUES(md5('$user'),md5('$pass'))");
> return mysql_query($q,$con);
> }
> ?>
> <?php
> $username="somename";
> $password="somepassword";
>
> addNewUser($username,$password);
> echo "<h2>New User Added!</h2>";
> ?>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php