View Single Post
Old 16th August 2011, 14:46
Mark_NL Mark_NL is offline
Senior Member
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts

Falko, with that query, MySQL will use a different salt every time you call it, so the same entered password, it will be saved differently in the db, and you can never match against it, since you don't know the salt mysql used during

INSERT INTO users(name, pass) VALUES('john', ENCRYPT('password','(*#Ng383'));
This will save the same encrypted string over and over.

for his solution he should use:
INSERT INTO users(..., password) VALUES('...', ENCRYPT(".$_POST['password'].", 'odufmsircklsc'));
("odufmsircklsc" being the salt)
Reply With Quote