Posted by M on 11/10/05 11:46
Chris Shiflett wrote:
> Ben Ramsey wrote:
>
>> $clean = array();
>> $sql = array();
>
> Glad to see someone spreading this habit. :-) Thanks, Ben.
>
>> if (ctype_alnum($_POST['pass']))
>> {
>> $clean['pass'] = $_POST['pass'];
>> }
>
> I think it's fine to cheat a bit with the password and trust the output
> format of md5():
>
$clean['pass'] = md5((ini_get('magic_quotes_gpc') ?
stripslashes($_POST['pass']) : $_POST['pass']));
or users with quotes in their password won't be able to log in.
> $clean['pass'] = md5($_POST['pass']);
>
> Of course, it is best to use a salt:
>
> $salt = 'SHIFLETT';
> $clean['pass'] = md5($salt . md5($_POST['pass'] . $salt));
>
> Chris
>
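One way to put the pieces of this exchange together (undoing magic_quotes_gpc escaping, hashing with the salt scheme Chris shows, and treating md5() output as SQL-safe), as an added example that is not code from Chris, Ben or the original post. The function names, the fixed salt value and the sample password are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the original thread. Names and the salt value
// are assumptions for illustration.

// Undo magic_quotes_gpc escaping so that a password containing quotes or
// backslashes hashes to the same value at registration and at login.
// ini_get() returns a truthy string when the directive is on, and false on
// PHP versions where the directive no longer exists.
function raw_password($posted)
{
    if (ini_get('magic_quotes_gpc')) {
        return stripslashes($posted);
    }
    return $posted;
}

// Salted hash exactly as suggested in the thread: md5($salt . md5($pass . $salt)).
function hash_password($password, $salt = 'SHIFLETT')
{
    return md5($salt . md5($password . $salt));
}

// The "cheat" Chris refers to: md5() always returns 32 lowercase hex
// characters, so the value needs no further filtering before the SQL layer.
function is_md5_output($value)
{
    return strlen($value) === 32 && ctype_xdigit($value);
}

$clean = array();
$sql = array();

// Constructed sample input containing both single and double quotes, the case
// that breaks login when magic_quotes_gpc escaping is not stripped first.
$_POST['pass'] = "it's a \"test\"";

$clean['pass'] = hash_password(raw_password($_POST['pass']));

// Only hex output reaches the SQL array; anything else is refused.
if (is_md5_output($clean['pass'])) {
    $sql['pass'] = $clean['pass'];
}

var_dump($sql);
```

Because the salt is a single fixed string, two users with the same password get the same stored hash, and md5 is fast enough that this scheme is not what you would pick for password storage in current PHP (password_hash() with its per-user salt is), but the example reproduces the thread's scheme as stated so the magic_quotes handling and the hex-output check can be seen end to end.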