Empty result set being returned. Don't understand why

Question

This is the table.

And the query executed in phpmyadmin is

SELECT * FROM users WHERE hashed_password = '8c1017982b2032cc059203e3d83dd0ee2e7a86b3'

And the result is an empty result set. If the query is SELECT * FROM users WHERE username='tt' Then it works as expected.

Why ? is there something obvious that I am missing? the password was hashed using php's sha1()

SELECT * FROM users WHERE hashed_password LIKE '8c1017982b2032cc059203e3d83dd0ee2e7a86b3%' give empty result set.

Output of "show create table users"

  CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `hashed_password` varchar(255) NOT NULL,
  `favourites` text,
  `ip_address` varchar(40) DEFAULT NULL,
  `enabled` tinyint(1) NOT NULL DEFAULT '1',
  `trust_level` int(11) NOT NULL DEFAULT '0',
  `time_stamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
   PRIMARY KEY (`id`)
  ) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=latin1

Output of select hashed_password, length(hashed_password) from users

Answer 1

You might want to try something like:

SELECT * FROM users WHERE SHA1(hashed_password) = '8c1017982b2032cc059203e3d83dd0ee2e7a86b3'

Answer 2

Your hashes are 40 chars long (SHA-1 looks like) while your database fields contain 42 characters. Obviously, any 42-char hash will not compare equal to the 40-char literal you provide. Moreover, it seems that the two extra characters are at the beginning of the hash (otherwise the LIKE trick should have worked).

Find out why there are two more characters in there -- the code that inserts the hashes might know something about that.