0

may i ask if it is ok to create a $password variable with my real password as the string? it seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but i've also read that php code is not actually viewable by a user...

4
Contributors
6
Replies
7
Views
11 Years
Discussion Span
Last Post by Puckdropper
0

may i ask if it is ok to create a $password variable with my real password as the string? it seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but i've also read that php code is not actually viewable by a user...

I always wondered this myself,

But im not sure so you could just encrypt it anyway, there are functions in PHP that do this.

0

Find the encrypted value of your password string and do $encrypted_password = '**********';

Then, do a check against md5($entered_password) == $encrypted_password. This way, if someone gains FTP access, or another user on your server, won't know what your password is.

0

I'm not sure if we're talking about the same thing. I THINK you might be referring to a form where a user logs in with a password, whereas I am trying to write a script which takes $_POST data and enters it into an INSERT query using the username and password in mysql_connect().

$hostname="blah.blah.net";
$username="blahblahjunior";
$password="blahblahblah";
$dbname="blahbase";
$usertable="blahusers";

$con = mysql_connect($hostname,$username, $password);

i.e. is the $password string in the php file used to connect to the database ever visible/hackable by an outside user.

p.s. yer cute

0

Ah, you're right. I was referring to a password being entered in a form. In such a case, entering the password in plain text is the only alternative I know of, since md5() and sha1() are both one-way encryption algorithms.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.