may i ask if it is ok to create a $password variable with my real password as the string? it seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but i've also read that php code is not actually viewable by a user...
went1180
0
Newbie Poster
Recommended Answers
Jump to PostFind the encrypted value of your password string and do $encrypted_password = '**********';
Then, do a check against md5($entered_password) == $encrypted_password. This way, if someone gains FTP access, or another user on your server, won't know what your password is.
Jump to PostAh, you're right. I was referring to a password being entered in a form. In such a case, entering the password in plain text is the only alternative I know of, since md5() and sha1() are both one-way encryption algorithms.
All 6 Replies
Barnz
0
Junior Poster in Training
may i ask if it is ok to create a $password variable with my real password as the string? it seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but i've also read that php code is not actually viewable by a user...
I always wondered this myself,
But im not sure so you could just encrypt it anyway, there are functions in PHP that do this.
Dani
4,084
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
Find the encrypted value of your password string and do $encrypted_password = '**********';
Then, do a check against md5($entered_password) == $encrypted_password. This way, if someone gains FTP access, or another user on your server, won't know what your password is.
went1180
0
Newbie Poster
I'm not sure if we're talking about the same thing. I THINK you might be referring to a form where a user logs in with a password, whereas I am trying to write a script which takes $_POST data and enters it into an INSERT query using the username and password in mysql_connect().
$hostname="blah.blah.net";
$username="blahblahjunior";
$password="blahblahblah";
$dbname="blahbase";
$usertable="blahusers";
$con = mysql_connect($hostname,$username, $password);i.e. is the $password string in the php file used to connect to the database ever visible/hackable by an outside user.
p.s. yer cute
Dani
4,084
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
Ah, you're right. I was referring to a password being entered in a form. In such a case, entering the password in plain text is the only alternative I know of, since md5() and sha1() are both one-way encryption algorithms.
went1180
0
Newbie Poster
my bad ambiguous post to start with. thx...
Puckdropper
7
Posting Pro in Training
I asked the same question several months ago.
Here's the thread:
http://www.daniweb.com/techtalkforums/thread48057.html
Users of Mozilla and Firefox may want to right click and select "Open in new Tab" especially if they're browsing with tabs now.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.