-
Sep 4th, 2002, 05:42 PM
#1
Thread Starter
Addicted Member
Call MySQL command (like PASSWORD) from PHP?
I used the MySQL command "PASSWORD" to encrypt a clear text password then INSERTed it INTO a database all within the same SQL statement.
Is there a way I can call the MySQL function PASSWORD (or any MySQL function) directly from PHP in a manner like this:
<?php
$clear_text_password = 'ThePassword';
$encrypted_password = mysql_call(PASSWORD($clear_text_password));
?>
Basically I want to retrieve the encrypted password from the database and perform a test like:
if(mysql_call(PASSWORD($clear_text_password)) == $encrypted_password_from_DB){...}
Note: I didn't use the vB Code "php" because the bold and italics was lost.
-
Sep 4th, 2002, 05:56 PM
#2
PowerPoster
You'd be better off using PHP's MD5 function to encrypt it before saving in the database, then MD5'ing the clear text password to see if they match. That way you don't have to worry about getting mysql to encrypt the input
-
Sep 4th, 2002, 06:11 PM
#3
Thread Starter
Addicted Member
Cool, Thanks.
Thanks. That should solve my immediate specific problem.
I won't write [Resolved] unless I see a general solution to invoking MySQL functions (although I don't need any other MySQL functions yet).
Thanks again.
-
Sep 4th, 2002, 06:41 PM
#4
PowerPoster
You could "combine" it with a select statement like this if you really wanted, I just think getting PHP to do it is a lot easier
PHP Code:
<?php
$mysql_server = 'localhost';
$mysql_username = 'root';
$mysql_password = '';
$mysql_db_name = 'db_name';
$mysql_db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
$mysql_select = mysql_select_db($mysql_db_name, $mysql_db);
// encrypt string using MySQL
$clear_text = 'test password';
$username = 'test user';
$result = mysql_query("SELECT users.Password, PASSWORD('$clear_text') AS EncPwd FROM users WHERE UserName = '$username'");
while ($result_row = mysql_fetch_array($result)) {
echo $result_row[Password];
echo '<br>';
echo $result_row[EncPwd];
}
?>
-
Sep 4th, 2002, 08:43 PM
#5
Thread Starter
Addicted Member
unclear
I like that approach. Too bad I'm not clear on why it works.
I expected EncPwd to be doubled like so:
enCryptedPassenCryptedPass
if the actual entry in the encrypted "Password" column in the DB would have been
enCryptedPass
At the page http://www.mysql.com/doc/en/SELECT.html they state
A SELECT expression may be given an alias using AS. The alias is used as the expression's column name and can be used with ORDER BY or HAVING clauses. For example:
Code:
mysql> SELECT CONCAT(last_name,', ',first_name) AS full_name
FROM mytable ORDER BY full_name;
In this example, are they concatenating so that a particular full_name could look like "Last, First"? I guess I was thinking that the concatenation is implied since they say the expression is what is supposed to have the alias.
So I am asking, why isn't
users.Password, PASSWORD('$clear_text')
implicitly concatenated without the "comma space" as in
CONCAT(last_name,', ',first_name)
Or, what is the point of AS alias if the following are equivalent? Why are these following statements not equivalent?
1) SELECT a,b,c,d AS MyAlias FROM list_table WHERE a = '$aVar'
2) SELECT d FROM list_table WHERE a = '$aVar'
3) SELECT a FROM list_table WHERE a = '$aVar'
In 1), I would expect the concatenation of 4 columns. Which column am I getting back in your statement since I didn't get the doubling effect I expected?
Last edited by Phenix; Sep 4th, 2002 at 08:47 PM.
-
Sep 4th, 2002, 09:00 PM
#6
PowerPoster
EncPwd is the plain text password that the user entered after it has been encrypted by the Password function
My statement is getting Mysql to return the password for that user from the database (users.Password), and the encrypted form of the password that somebody entered to verify. All you then have to do is see if they match.
I don't quite see where CONCAT comes into this, but any function that returns something can have an alias, be it concat, password or whatever.
-
Sep 4th, 2002, 11:21 PM
#7
Thread Starter
Addicted Member
I think I understand now
So basically the "AS alias" operates on only the immediately preceding expression component PASSWORD('$clear_text') and not the entire expression after SELECT and before AS?
-
Sep 5th, 2002, 08:25 AM
#8
PowerPoster
That is correct
The comma seperates the fields, an action you perform on one field has no influence on any other
-
Sep 6th, 2002, 01:36 PM
#9
Thread Starter
Addicted Member
Thanks
Thank you, young Jedi.
The PHP is strong with this one.
-
Sep 6th, 2002, 04:54 PM
#10
PowerPoster
lol
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|