Posted by Ahmed Saad on 11/27/05 13:03

On 11/26/05, Yaswanth Narvaneni <yaswanth@gmail.com> wrote:
> I 'dont' want to use something like select * from table where
> table.passwd=password($passwd);

Well, i think you better use a specific password hashing function
rather than MySQL's password() 'cause it's implementation is not
consistent across versions (IIRC. they broke backward compatibility in
version 5).. Use md5() or sha1() so you know what alghorithm is used
and you can be almost sure that implementation across langauges and
versions is the same.

so when you store the password do a query like:

$sql .= "INSERT INTO sometable (name, password) VALUES ('someuser',
md5('somepassword'))";

PHP has an md5() and sha1() too, check the manual for them

-ahmed

[Back to original message]