Addressed to: "Necro" <[EMAIL PROTECTED]>
              [EMAIL PROTECTED]

** Reply to note from "Necro" <[EMAIL PROTECTED]> Fri, 11 Jan 2002 03:41:43 +1100
> select password, 1 as auth from acl where (username='andrewd' and
> password=(163e06103a371fd95b21b4a849bb4b91))1064 : You have an error in your
> SQL syntax near 'a371fd95b21b4a849bb4b91))' at line 1
> Does that help give any idea at all as to what the problem is?

There are no quotes around  "163e06103a371fd95b21b4a849bb4b91"  The
error occurs where it does because '163e06103' is a valid exponential
notation value for a nubmer, but having an 'a' follow it is not valid.

My solution would be:

$Pass = md5( whatever ); #  I don't care if you hash just the password
                         #  or the username and password as long as
                         #  you do it the same way as you entered
                         #  the passwords.

mysql_query( "SELECT password, 1 AS auth " .
             "FROM acl " .
             "WHERE username = '$username' " .
             "  AND password = '$Pass' " );

But I question what you are doing returning password, so it might work
as well as:

mysql_query( "SELECT count(*) as Authorized " .
             "FROM acl " .
             "WHERE username = '$username' " .
             "  AND password = '$Pass' " );

This returns 0 or 1 in a field named Authorized depending on if the
password matches or not.

You might also want to look at the MySQL PASSWORD() function and not
mess with md5 at all.


Rick Widmer
Internet Marketing Specialists

PHP Database Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to