View Single Post
  #12  
Old 16th August 2011, 13:46
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 99 Times in 95 Posts
Default

Falko, with that query, MySQL will use a different salt every time you call it, so the same entered password, it will be saved differently in the db, and you can never match against it, since you don't know the salt mysql used during

Code:
INSERT INTO users(name, pass) VALUES('john', ENCRYPT('password','(*#Ng383'));
This will save the same encrypted string over and over.

for his solution he should use:
Code:
INSERT INTO users(..., password) VALUES('...', ENCRYPT(".$_POST['password'].", 'odufmsircklsc'));
("odufmsircklsc" being the salt)
Reply With Quote