MD5 password UPDATE?

phpsql_me

Guys, Im trying to update a username and password with my php code, however it WILL update my username but WONT update my password for some reason:

code:

$sql = "UPDATE techcompany SET logon_username = '{$_POST['logon_username']}', logon_password = '{$_POST[MD5('logon_password')]}' WHERE logon_username = '{$_SESSION['username']}'";

After it posts, it just erases my MD5 current password altogether and dont know why!

Dvector

Try encrypting the password you want before inserting it:

$password = MDS($_POST['logon_password']);

Then run your SQL statement with $password:

$sql = "UPDATE techcompany SET logon_username = '{$_POST['logon_username']}', logon_password = '$password' WHERE logon_username = '{$_SESSION['username']}'";

bretticus

{$_POST[MD5('logon_password')]}

is the problem, firstly the {} monikers indicate a variable always, you cannot insert a mysql function in a PHP variable. second, the 'logon_password' inside $POST['logon_password'] is neccessary to even get your POST value. In other words even if it was possible to parse the PHP MD5 function in this sense, you would be telling PHP to return the result of a $POST array element with the associative key of the hashed value (not likely Jim.) Your query should be:

$sql = "UPDATE techcompany SET logon_username = '{$_POST['logon_username']}', logon_password = MD5('{$_POST['logon_password']}') WHERE logon_username = '{$_SESSION['username']}'";

Dvectors example will work too, I just wanted you to know why you were sending a blank to the database.