Password()?

Anon

Hi all,

I'm just learning PHP and it's interface to MySql. Thus far just about everything that I've run into has been posted in some manner here, it looks to be a great place to get some help.

The problem I'm having is with the password() passing to my MySql database. When I do an insert, it puts the encrypted password into the database, no problem.

The problem I'm having is when I try to retreive the password and compare it to what the user has entered.

$query = "select * from users where username = '$username' and password = password('$password')";
$result = mysql_query($query);

Am I missing something here? Any help would be greatly appreciated!

-Dave

[deleted]

"Am I missing something here?"

Yes.
The trick is that passwords are never decrypted. If you could decrypt the passwords in your script, then what would be the point of encrypting them in the first place? :-)

What you do is:
- Store the encrypted password in the DB
- Receive the password that the user entered.
- Encrypt the received password
- Compare the encrypted password with the stored encrypted password from the database.