
Problems with PASSWORD Function

PHP and MySQL

         

eduneri

6:52 pm on Jun 10, 2006 (gmt 0)

10+ Year Member



Hi... I'm sorry about my English, but I need your help...

I used this command when I needed to insert into the DB:

$inserirsql = "insert into USUARIOS values('','','','$nome','$sobrenome','$email',
'$endereco','$telefone','$cpf','$login',
PASSWORD('$senha1'))";

And it's working very well...

However, I need to validate this user using their "login" and "senha", but when the system tries to validate these attributes with this:

$consulta = "SELECT * FROM USUARIOS WHERE (login=\"$login\")AND(senha=PASSWORD(\"$senha\"))";

It doesn't find anything...

What am I doing wrong?

Thanks!

eelixduppy

6:57 pm on Jun 10, 2006 (gmt 0)



Welcome to Webmasterworld!

My first suggestion to you would be to see if mysql is giving an error. Try something like this:
$consulta = "SELECT * FROM USUARIOS WHERE (login=\"$login\")AND(senha=PASSWORD(\"$senha\"))";
mysql_query($consulta) or die(mysql_error());

eduneri

7:12 pm on Jun 10, 2006 (gmt 0)

10+ Year Member



Hi eelixduppy, how are you?

I'm sorry about my English, but I'm from Brazil...

Let's go...

I did what you said, but MySQL didn't return an error, so I think something is wrong in the syntax, don't you think?

Because when I put the value that is stored in "senha" in MySQL, without the PASSWORD function, it works...

Thanks

coopster

9:56 pm on Jun 10, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



It is not good practice to use MySQL's PASSWORD() function in your own applications. A more common practice is to use MD5(). From the manual pages, emphasis added:


Note: The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your applications.

Resource:
[dev.mysql.com...]

I think you will find that a 32 character column for the password and the PHP md5() [php.net] function will suit fine for your applications. It is used quite often for many different types of applications.

Next, it's odd that you are not receiving an error. At first I was thinking that perhaps you got an error from the double quotation marks, depending on your server setup (if the ANSI_QUOTES SQL mode is enabled [dev.mysql.com]). But it may be something entirely different.

If you decide to stick with this route, we will help you troubleshoot but my advice at this point would be to change your encryption method.
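
Added example, not part of the thread and not any poster's code: the register-then-login flow discussed above, with the hash computed and checked in PHP and every value passed as a bound parameter. It uses PHP's password_hash() and password_verify() (PHP 5.5 and later, so not available when this thread was written) instead of a SQL-side hash function. Assumptions: PDO with the SQLite driver stands in for MySQL so the script runs without a server, the helper names register_user and check_login are hypothetical, and only the login and senha columns of USUARIOS are modelled.

```php
<?php
// Added example (not from the thread). SQLite in memory stands in for MySQL
// so the script runs without a server; with MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Column names follow the thread (login, senha). senha is VARCHAR(255) so the
// whole hash string fits; a column that is too short cuts the hash and every
// later comparison against it fails.
$db->exec('CREATE TABLE USUARIOS (
    id INTEGER PRIMARY KEY,
    login VARCHAR(64) UNIQUE NOT NULL,
    senha VARCHAR(255) NOT NULL
)');

// Hypothetical helper: hash in PHP, bind values instead of interpolating them.
function register_user(PDO $db, string $login, string $senha): void
{
    $hash = password_hash($senha, PASSWORD_DEFAULT); // salted, adaptive hash
    $stmt = $db->prepare('INSERT INTO USUARIOS (login, senha) VALUES (?, ?)');
    $stmt->execute([$login, $hash]);
}

// Hypothetical helper: select by login only, then verify the hash in PHP.
// The salt is stored inside the hash string, so the comparison cannot be
// written as "senha = HASH(input)" in the WHERE clause.
function check_login(PDO $db, string $login, string $senha): bool
{
    $stmt = $db->prepare('SELECT senha FROM USUARIOS WHERE login = ?');
    $stmt->execute([$login]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no row for this login
    }
    return password_verify($senha, $stored);
}

// Constructed sample data.
register_user($db, 'eduardo', 's3nha-de-teste');
var_dump(check_login($db, 'eduardo', 's3nha-de-teste')); // matching password
var_dump(check_login($db, 'eduardo', 'outra-senha'));    // wrong password
var_dump(check_login($db, "d'avila", 'qualquer'));       // quote is plain data
```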