Results 1 to 10 of 10

Thread: Call MySQL command (like PASSWORD) from PHP?

  1. #1

    Thread Starter
    Addicted Member Phenix's Avatar
    Join Date
    Sep 2002
    Location
    Near A Cube
    Posts
    228

    Question Call MySQL command (like PASSWORD) from PHP?

    I used the MySQL command "PASSWORD" to encrypt a clear text password then INSERTed it INTO a database all within the same SQL statement.

    Is there a way I can call the MySQL function PASSWORD (or any MySQL function) directly from PHP in a manner like this:

    <?php
    $clear_text_password = 'ThePassword';
    $encrypted_password = mysql_call(PASSWORD($clear_text_password));
    ?>

    Basically I want to retrieve the encrypted password from the database and perform a test like:
    if(mysql_call(PASSWORD($clear_text_password)) == $encrypted_password_from_DB){...}

    Note: I didn't use the vB Code "php" because the bold and italics was lost.

  2. #2
    PowerPoster
    Join Date
    Jul 1999
    Posts
    5,923
    You'd be better off using PHP's MD5 function to encrypt it before saving in the database, then MD5'ing the clear text password to see if they match. That way you don't have to worry about getting mysql to encrypt the input

  3. #3

    Thread Starter
    Addicted Member Phenix's Avatar
    Join Date
    Sep 2002
    Location
    Near A Cube
    Posts
    228

    Thumbs up Cool, Thanks.

    Thanks. That should solve my immediate specific problem.

    I won't write [Resolved] unless I see a general solution to invoking MySQL functions (although I don't need any other MySQL functions yet).

    Thanks again.

  4. #4
    PowerPoster
    Join Date
    Jul 1999
    Posts
    5,923
    You could "combine" it with a select statement like this if you really wanted, I just think getting PHP to do it is a lot easier

    PHP Code:
    <?php

    $mysql_server 
    'localhost';
    $mysql_username 'root';
    $mysql_password '';
    $mysql_db_name 'db_name';

    $mysql_db mysql_connect($mysql_server$mysql_username$mysql_password);
    $mysql_select mysql_select_db($mysql_db_name$mysql_db);

    // encrypt string using MySQL
    $clear_text 'test password';
    $username 'test user';
    $result mysql_query("SELECT users.Password, PASSWORD('$clear_text') AS EncPwd FROM users WHERE UserName = '$username'");

    while (
    $result_row mysql_fetch_array($result)) {
        echo 
    $result_row[Password];
        echo 
    '<br>';
        echo 
    $result_row[EncPwd];
    }

    ?>

  5. #5

    Thread Starter
    Addicted Member Phenix's Avatar
    Join Date
    Sep 2002
    Location
    Near A Cube
    Posts
    228

    Unhappy unclear

    I like that approach. Too bad I'm not clear on why it works.

    I expected EncPwd to be doubled like so:
    enCryptedPassenCryptedPass
    if the actual entry in the encrypted "Password" column in the DB would have been
    enCryptedPass

    At the page http://www.mysql.com/doc/en/SELECT.html they state
    A SELECT expression may be given an alias using AS. The alias is used as the expression's column name and can be used with ORDER BY or HAVING clauses. For example:
    Code:
    mysql> SELECT CONCAT(last_name,', ',first_name) AS full_name
        FROM mytable ORDER BY full_name;
    In this example, are they concatenating so that a particular full_name could look like "Last, First"? I guess I was thinking that the concatenation is implied since they say the expression is what is supposed to have the alias.

    So I am asking, why isn't
    users.Password, PASSWORD('$clear_text')
    implicitly concatenated without the "comma space" as in
    CONCAT(last_name,', ',first_name)

    Or, what is the point of AS alias if the following are equivalent? Why are these following statements not equivalent?
    1) SELECT a,b,c,d AS MyAlias FROM list_table WHERE a = '$aVar'
    2) SELECT d FROM list_table WHERE a = '$aVar'
    3) SELECT a FROM list_table WHERE a = '$aVar'

    In 1), I would expect the concatenation of 4 columns. Which column am I getting back in your statement since I didn't get the doubling effect I expected?
    Last edited by Phenix; Sep 4th, 2002 at 08:47 PM.

  6. #6
    PowerPoster
    Join Date
    Jul 1999
    Posts
    5,923
    EncPwd is the plain text password that the user entered after it has been encrypted by the Password function

    My statement is getting Mysql to return the password for that user from the database (users.Password), and the encrypted form of the password that somebody entered to verify. All you then have to do is see if they match.

    I don't quite see where CONCAT comes into this, but any function that returns something can have an alias, be it concat, password or whatever.

  7. #7

    Thread Starter
    Addicted Member Phenix's Avatar
    Join Date
    Sep 2002
    Location
    Near A Cube
    Posts
    228

    Thumbs up I think I understand now

    So basically the "AS alias" operates on only the immediately preceding expression component PASSWORD('$clear_text') and not the entire expression after SELECT and before AS?

  8. #8
    PowerPoster
    Join Date
    Jul 1999
    Posts
    5,923
    That is correct

    The comma seperates the fields, an action you perform on one field has no influence on any other

  9. #9

    Thread Starter
    Addicted Member Phenix's Avatar
    Join Date
    Sep 2002
    Location
    Near A Cube
    Posts
    228

    Thumbs up Thanks

    Thank you, young Jedi.

    The PHP is strong with this one.

  10. #10
    PowerPoster
    Join Date
    Jul 1999
    Posts
    5,923
    lol

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width