alex1985

Mar 8 2008, 02:45 PM

QUOTE(rvalkass @ Mar 8 2008, 06:36 PM)

Well, I just ran that code on my own MySQL installation and it worked perfectly. I have found in the past that it can be a little picky about what it lets through and what it doesn't.

If that code still doesn't work, use phpMyAdmin to create the table, and copy the MySQL query it actually runs (it will be displayed to you after the table is created). Then you can be certain that code will work.

What's about my previous question?

Reply

truefusion

Mar 8 2008, 04:25 PM

QUOTE(alex1985 @ Mar 8 2008, 09:24 AM)

So, I need to make spaces between words and brackets?

Spaces (and new lines) are optional. It should work so long as you follow the syntax, like the error says. SQL query parse errors can be annoying.

Reply

Latest Entries

alex1985

Mar 11 2008, 11:03 AM

Thanks you guys. I will try to use yours, it seems better for me.

Reply

rvalkass

Mar 10 2008, 07:23 PM

QUOTE(jlhaslip @ Mar 10 2008, 07:01 PM)

Check the code that is posted above. It is using a salt value already.

SQL

INSERT INTO login (username,password,email,activated) value ('admin',sha1(concat('yourpasswordhere','0dAfghRqSTgx')),'youremailhere','1');

Personally I prefer a random salt rather than a fixed one. A fixed salt requires one edited dictionary file. Whereas a system with a different hash for each person requires an entirely separate dictionary, and corresponding hashes, for each user.

Reply

jlhaslip

Mar 10 2008, 07:01 PM

QUOTE

A good idea is to 'salt' the password

Check the code that is posted above. It is using a salt value already.

SQL

INSERT INTO login (username,password,email,activated) value ('admin',sha1(concat('yourpasswordhere','0dAfghRqSTgx')),'youremailhere','1');

Reply

rvalkass

Mar 10 2008, 06:57 PM

QUOTE(alex1985 @ Mar 10 2008, 05:40 PM)

Well, I just wanna ask you if it's good or appropriate way to encrypt the password. I checked the entry on PHPMyAdmin, and it does really encrypt the password. So, I can do that?!

SHA1 is a good way to encrypt passwords at the moment. You would also be wise to 'salt' the passwords. This is a way to prevent against dictionary attacks. Many people are still stupid enough to pick a single dictionary word as a password. That is incredibly insecure, even if the password is hashed.

A good idea is to 'salt' the password. That simply means adding some random values to the end of the password, before hashing it and saving it in the database. To do this, when the password is created, also create some random data using the rand() function, or something similar. Put this random value on the end of the user's password, then hash it, then put it in the database. You also need to store the random data in the database!!!

Then, to check the password entered by a user, take their username, and pull the relevant piece of random data, along with the hash for their password from the database. Tag the stored random data onto the end of the password they entered, and hash that whole string. If that matches the one in the database then the password they entered is correct.

It can seem a little complicated at first, but it is much more secure than just hashing a user-entered password.

Reply

galexcd

Mar 10 2008, 06:32 PM

QUOTE(alex1985 @ Mar 10 2008, 10:40 AM)

Well, I just wanna ask you if it's good or appropriate way to encrypt the password. I checked the entry on PHPMyAdmin, and it does really encrypt the password. So, I can do that?!

Well I'm not quite sure if sha1() is an sql function but I may be wrong, but it is a php function. And yes sha1 is a good encryption to use for encrypting passwords. It is similar to md5 but the hash is longer.

Reply

Got an Opinion! Express your Views! (no registration):-
Add your Reply/ Opinion/ Views/ Comments/ Suggestion/ Questions/ Queries etc.
Posts with decent grammar & English will be accepted and please refrain from profanities.
For asking a Question, We recommend you to sign-up (for free) so that you can track the topic easily.

Nature of your Post*:		Opinion/ Reply/ Comments Question/Query Feedback to us.
Name			Email
Title/Question*
(Maximum characters: 10,000) You have characters left.
Confirm Code:

1. Newjoke.php [resolved] - Mistake? (15)
2. Simple Mysql Query Limiting - (9)

   Simple MySQL Query Limiting CODE <?php // If mypage?limit=blah is not defined returs 5
   if ( $_GET['limit'] == NULL ) {     $limit = 5; } // Else else {
       $limit = $_GET['limit']; } $query = mysql_query("SELECT
   * FROM members LIMIT '$limit'") or die(mysql_error()); while
   ($sql = mysql_fetch_array ($query) ) {     echo
   $sql['mem_name'] . '<br>'; } ?> Have fun.....

3. Mysql Query - (2)

   theres a bug somewhere in this query and i can't seem to find it. does anyone else see it?
   CODE $query = "insert into templates
   (tuid,tname,tdescription,template,archivedefault) values (1,'Sample Archive
   Template','A sample archive template that only shows the name of the article with a link to
   the default article viewer.','<a
   href='viewarticle1.php?aid=[id]'>[articletitle]</a>',FALSE&#
   41;"; ...

4. Using And?or In A Mysql Query - (2)

   hi everyone,
   
   
   I have been trying to get a script to come up with the total number of comments a news item has
   under it
   news ...

5. Error Importing Sql Query Via Php - Works in PHPmyAdmin (6)

   CODE     function sql()     {         $fp =
   fopen("sql.sql","r");         $sql =
   fread($fp,filesize("sql.sql"));         fclose($fp);
           return $sql;     } Thats $this->sql and here is the other source CODE
   function insert_sql()     {     if($_GET['insert'])  {
           $template = new template;         $db = new db;
           $db->connect();         $query = $this->sql();       ...

6. Query Not Running When Submitting A Form - (3)

   Im having trouble getting my PHP to work. Basically i have a form with a button linking to a php
   file. When i click submit it calls this file and is suppost to add the data to a database. Im using
   a my sql databse and it connects fine. Unfortunately when i click submit all i get is the
   "Inspection did not add". From this i know i have made a connection with the database and im
   absolutely 100% sure that all field names are correct on the forms and database. Any ideas? Heres
   the script.... PHP Code: CODE <html> <head> <meta http-equiv="C...

7. Sql Query - How do i run an SQL query (6)

   I have been attempting to add mods to PHPbb forums for a while now but i have been unable to because
   i have no idea how to run a Mysql or SQL Query. if anyone could let me know how i would greatly
   appreciate it....

8. Problem With Mysql Query - (1)

   I know this isn't the SQL forum but MySQL is used in PHP. I get an error Query: SELECT
   COUNT(users.*), COUNT(guests.*) FROM users INNER JOIN guests ON users.code != '' AND
   users.last_active >= 1106971028 AND guests.time >= 1106971028 AND users.last_ip != guests.ip
   Error#1064: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL
   server version for the right syntax to use near '*), COUNT(guests.*) FROM users INNER JOIN
   guests ON users.code...