Thanks for the info Hans!
I've got it working now.

-----Original Message-----
From: Hans Lellelid [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 13, 2004 7:28 PM
To: Gary Theisen
Subject: Re: Secure MySQL Access md5()


Passwords in the mysql.users table must be encrypted using MySQL's 
native PASSWORD() function, not MD5().  With newer versions of MySQL, I 
think there is some change in this, but AFAIK for 4.0.18 this is still true.

When connecting to the database you always use the plaintext password, 
and MySQL will do the encrypting (using PASSWORD()) and check it against 
what is in the row of the users table.


Gary Theisen wrote:

> Hi all,
> I've got:
> WinNT
> php 4.3.1
> phpmyadmin 2.5.6
> MySQL 4.0.18-nt
> I can connect to my db via my php script using:
> [php]
> $connection = mysql_connect ("localhost", "root", "")
> [/php]
> That works no problem.
> This will not work however:
> [php]
> $somePass = md5("somePass");
> $connection = mysql_connect ("localhost", "someID", $somePass) [/php]
> gives me this error:
> [quote]
> Access denied for user: '[EMAIL PROTECTED]' <mailto:'[EMAIL PROTECTED]'> 
> (Using password: YES) [/quote]
> I set someID up in the db using phpmyadmin, with it's password using 
> the
> md5() function.  I can see via phpmyadmin that someID does indeed have a
> byte encrypted password stored.
> I can then compare the stored md5 password to the md5 password I'm 
> passing to try to connect...via $somePass.  The encrypted passwords 
> match exactly.
> Why wouldn't the match be confirmed...allowing me to connect?
> Thanks!

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to