RE: [PHP-DB] MySQL Result Resource

[Necro]

Ok,


I have tried to go to PASSWORD after none of the suggestions worked out.

The current statement is:
        $arg = "select password, 1 as auth from acl where username='$username' and
password = 'PASSWORD($password)'";

But the error I get now is:
select password, 1 as auth from acl where username='andrewd' and password =
'PASSWORD(madonna)'Resource id #2

Any ideas?

Andrew

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, 11 January 2002 8:56 AM
To: Necro; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] MySQL Result Resource


Addressed to: "Necro" <[EMAIL PROTECTED]>
              [EMAIL PROTECTED]

** Reply to note from "Necro" <[EMAIL PROTECTED]> Fri, 11 Jan 2002
03:41:43 +1100
> select password, 1 as auth from acl where (username='andrewd' and
> password=(163e06103a371fd95b21b4a849bb4b91))1064 : You have an error in
your
> SQL syntax near 'a371fd95b21b4a849bb4b91))' at line 1
>
> Does that help give any idea at all as to what the problem is?
>


There are no quotes around  "163e06103a371fd95b21b4a849bb4b91"  The
error occurs where it does because '163e06103' is a valid exponential
notation value for a nubmer, but having an 'a' follow it is not valid.


My solution would be:


$Pass = md5( whatever ); #  I don't care if you hash just the password
                         #  or the username and password as long as
                         #  you do it the same way as you entered
                         #  the passwords.

mysql_query( "SELECT password, 1 AS auth " .
             "FROM acl " .
             "WHERE username = '$username' " .
             "  AND password = '$Pass' " );


But I question what you are doing returning password, so it might work
as well as:

mysql_query( "SELECT count(*) as Authorized " .
             "FROM acl " .
             "WHERE username = '$username' " .
             "  AND password = '$Pass' " );

This returns 0 or 1 in a field named Authorized depending on if the
password matches or not.


You might also want to look at the MySQL PASSWORD() function and not
mess with md5 at all.

Rick

Rick Widmer
Internet Marketing Specialists
http://www.developersdesk.com

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]