Home/ Questions/Q 582785
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T14:43:26+00:00

How do I encrypt a user password in PHP ? Please explain in a

  • 0

How do I encrypt a user password in PHP?

Please explain in a way a beginner can understand. I already have this sample code:

$password = "john856";
$encrypt_password = md5($password);

echo $encrypt_password;

How do I incorporate it in my current code, which does not do any encryption?

<?php
    $con = mysql_connect("localhost","root","");

    if (!$con) { die('Could not connect: ' . mysql_error()); }

    mysql_select_db("koro", $con);

    $sql="INSERT INTO users
            (LNAME, FNAME, MNAME, UNAME, PW)
          VALUES
            ('$_POST[Lneym]', '$_POST[Fneym]', '$_POST[Mneym]', '$_POST[Uneym]', '$_POST[Pass]')";

    if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); }

    echo "<script>alert('User added! You can now use the system.')</script>";

    mysql_close($con)
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Let me start with a more important point:

    You must never pass through $_POST variables directly into the query. This makes you extremely vulnerable to SQL injections.

    You should at the very least least run mysql_real_escape_string() on every form value you insert:

    $Lneym = $_POST["Lneym"];
$Lneym_halfway_safe = mysql_real_escape_string($Lneym);

....

$sql="INSERT INTO users 
          (LNAME, FNAME, MNAME, UNAME, PW)
        VALUES 
          ('$Lneym_halfway_safe',

    You can then also incorporate the md5() straight away:

    $PW = md5($_POST["PW"]);  // no escape_string() needed here, 
                          // the md5 checksum is safe

    and then insert '$PW' for the password field.

    The best thing would be using a database class like PDO. Its parametrized queries feature automatically helps prevent SQL injections. Maybe this tutorial helps you.

    Seeing as you are not even able to add md5() to your code (no personal criticism, we all started there once) I strongly recommend you read up on programming basics. Copy-pasting crucial security features for a web platform is horribly dangerous and is likely to end in tears.

    • 0