nickee89

Reputation: 69

Encrypting a password column in a SQL database

I have a column in my database named password. I just want to hash or encrypt the password before posting it to the database. I have code like this in my PHP submit file.

<?php
session_start();
include('config.php');

$ID=$_POST['ID'];
$name=$_POST['name'];
$password=$_POST['password'];
$department=$_POST['department'];
$email=$_POST['email'];

$ID_arr=array();
$name_arr=array();
$password_arr=array();
$dept_arr=array();
$email_arr=array();

$i = -1;

++$i;
$ID_arr[$i]= $_POST['ID'];
$name_arr[$i]= $_POST['name'];
$password_arr[$i]= $_POST['password'];
$dept_arr[$i]= $_POST['department'];
$email_arr[$i]= $_POST['email'];

$j=0;
while ( $j <= $i)
{   
$ID = $ID_arr[$i];
$name = $name_arr[$i];
$password = $password_arr[$i];
$department = $dept_arr[$i];
$email = $email_arr[$i];

$sql = "INSERT INTO `employee`. `admin` (ID ,name ,password ,department
 ,email)         VALUES     (

  '$ID' ,'$name' ,'$password' ,'$department' ,'$email'
  )";

$result = mysql_query($sql);
if(!$result){
   die('invalid query:'.mysql_error());
 }
 else
echo ("<tr><td>" . "You have been succesfully registered..." . "</td></tr>");
header('Refresh:5; url=adminlogin.php');
die;
}
?>

May I know where I should put the encrypt function? Or is there any way to encrypt the password?

Upvotes: 3

Views: 3319

Answers (4)

SaidbakR

Reputation: 13534

First of all, forget md5. If you use PHP >= 5.1.2 you are able to use the hash() function.

From the code you have regarded:

...
$j=0;
while ( $j <= $i)
{   
$ID = $ID_arr[$i];
$name = $name_arr[$i];
$password = $password_arr[$i];
$department = $dept_arr[$i];
$email = $email_arr[$i];
...

You just have to do the following to $password:

$password = hash('sha256', $password_arr[$i]);

However, using sha256, you have to ensure that your password field in your database's table is 64 or more in length, i.e. varchar(64) or char(64). Look at the following question's answer as a guide:

Also, in your config.php you may define a salt such as $salt, which will be a fixed string to be added to every password:

//in your config.php
...
$salt = 'jhfdkjdhfTyhdh3365@jdh69kkshhQAAAiyeg'; // some unguessed string
...
// in your hash code:

 $password = hash('sha256', $salt.$password_arr[$i]);

Upvotes: 0

DevZer0

Reputation: 13525

You can use the MySQL PASSWORD function and also the PHP crypt function.

An example of the MySQL function:

INSERT INTO table VALUES (PASSWORD('abcd'));

Upvotes: 3

Sverri M. Olsen

Reputation: 13263

If you have PHP >= 5.5.0 then:

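// The algorithm argument is required; PASSWORD_DEFAULT selects the current default.
$password = password_hash('the password', PASSWORD_DEFAULT);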

If you have an older version of PHP then use the compatibility library. Include the lib/password.php file and then use the documentation as usual.

Upvotes: 1
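
The password_hash() approach from the answer above, carried through registration and login, as an added example that is not part of any answer on this page: the password is hashed in PHP and every value is bound through a prepared statement. An in-memory SQLite database via PDO stands in for the MySQL `admin` table, and the helper names `register_admin` and `check_login` and the sample users are assumptions made for the example.

```php
<?php
// Added example, not code from the page. In-memory SQLite stands in for the
// MySQL `admin` table so the script runs offline; all sample values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 255 characters leaves room for longer hashes if PASSWORD_DEFAULT changes.
$pdo->exec('CREATE TABLE admin (ID INTEGER PRIMARY KEY, name VARCHAR(100),
            password VARCHAR(255), department VARCHAR(100), email VARCHAR(255))');

// Hypothetical helper: hash in PHP, then bind every value instead of
// interpolating it into the SQL string.
function register_admin(PDO $pdo, array $form): void
{
    $hash = password_hash($form['password'], PASSWORD_DEFAULT); // random salt per call
    $stmt = $pdo->prepare('INSERT INTO admin (ID, name, password, department, email)
                           VALUES (:id, :name, :password, :department, :email)');
    $stmt->execute([
        ':id' => $form['ID'], ':name' => $form['name'], ':password' => $hash,
        ':department' => $form['department'], ':email' => $form['email'],
    ]);
}

// Hypothetical helper: verify a login attempt against the stored hash.
function check_login(PDO $pdo, int $id, string $attempt): bool
{
    $stmt = $pdo->prepare('SELECT password FROM admin WHERE ID = :id');
    $stmt->execute([':id' => $id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false || !password_verify($attempt, $stored)) {
        return false;
    }
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE admin SET password = :p WHERE ID = :id');
        $upd->execute([':p' => password_hash($attempt, PASSWORD_DEFAULT), ':id' => $id]);
    }
    return true;
}

// Constructed stand-ins for $_POST; both users pick the same password.
register_admin($pdo, ['ID' => 1, 'name' => 'alice', 'password' => 'correct horse',
                      'department' => 'IT', 'email' => 'alice@example.com']);
register_admin($pdo, ['ID' => 2, 'name' => 'bob', 'password' => 'correct horse',
                      'department' => 'HR', 'email' => 'bob@example.com']);

$hashes = $pdo->query('SELECT password FROM admin ORDER BY ID')->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] !== $hashes[1]);             // compares the two stored hashes
var_dump(check_login($pdo, 1, 'correct horse')); // login with the registered password
var_dump(check_login($pdo, 1, 'wrong guess'));   // login with a different password
```

Because the salt is embedded in the stored string, the login check needs no separate salt column or config value; it only needs the row's `password` field.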

CSharpMinor

Reputation: 232

If your password is a variable, try using something like this:

$input=mysqli_real_escape_string($con, $_POST['password']);
$password = md5($input);

And let your SQL be something like

UPDATE table SET password='$password';

untested code...

from the actual manual.

http://php.net/manual/en/function.md5.php

Upvotes: -1
