may i ask if it is ok to create a $password variable with my real password as the string? it seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but i've also read that php code is not actually viewable by a user...
went1180
0
Newbie Poster
Recommended Answers
Jump to PostFind the encrypted value of your password string and do $encrypted_password = '**********';
Then, do a check against md5($entered_password) == $encrypted_password. This way, if someone gains FTP access, or another user on your server, won't know what your password is.
Jump to PostAh, you're right. I was referring to a password being entered in a form. In such a case, entering the password in plain text is the only alternative I know of, since md5() and sha1() are both one-way encryption algorithms.
All 6 Replies
Barnz
0
Junior Poster in Training
Dani
4,084
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
went1180
0
Newbie Poster
Dani
4,084
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
went1180
0
Newbie Poster
Puckdropper
7
Posting Pro in Training
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.