These days SHA should really be used instead of MD5, and you should be
SALTing the password as well.
Here's a great guide : http://phpsec.org/articles/2005/password-hashing.html
Michael Kubler
*G*rey *P*hoenix *P*roductions <http://www.greyphoenix.biz>
Jan G.B. wrote:
2009/2/9 Andrew Williams <andrew4willi...@gmail.com>:
Can some body help out on how to validate user password from the database?
There are several possibilities. This would be one.
<?
$query = 'SELECT 1 from `usertable` where `name` = ' .
mysql_real_escape_string(STRIPPED_AND_TRIMMED_REQUEST_VAR_HERE)
. ' AND `pass` = md5("' .
mysql_real_escape_string(STRIPPED_AND_TRIMMED_REQUEST_VAR_HERE) .
'");';
?>
