Encryption

Zanjo

Another n00b question but when inserting data into a database using SHA1 do you need to do this:

INSERT INTO $table (`password`)
VALUES([B]'sha1($_POST['password'])'[/B]);

or something like that, and when retrieving from it:

SELECT * FROM $table WHERE sha1($_POST['password']);

Or can you just got $_POST['password']
Sorry I dont know how this works. Also what is a snippet for salting a sha1 command. Thanks you guys(or girls).

SargeZT

Except for the [ b ] tag, you need to set the query to have:

WHERE password='sha1($password)'

Zanjo

So you insert and retrieve passwords using the sha1/md5 function? So the sha1 can encrypt passwords and retrieve encrypted passwords?

SargeZT

No. What it does is see if the SHA1'd passwords they entered is the same as in the database with that user. If it is, then they have entered the correct password. It's not retriving the encrypted password, unencrypting and then comparing, it's encrypting and comparing.