Home/ Questions/Q 8646845
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T12:55:06+00:00

I have an existing database with users, each users password is stored as an

  • 0

I have an existing database with users, each users password is stored as an MD5 hash.

Im trying to create a login form using PHP (Which im very new too) only I cant seem to get it to work, I know my username and password is correct yet I still receive the error that its wrong, Have I got to convert my password input to MD5 before checking the username in the table?

I currently have…

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

If I echo my password its outputted as text not a hash 

$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In addition to hashing your password before comparing to what you have on your DB, you really should add a “salt” into that password hashing. This “salt” is nothing more than a random arbitrary string that you concatenate to the passwords, and it will make your hashed password “unique”. I mean, if someone knows what a md5(‘12345’) is a string ‘A’, this salt will make your users’ password ‘12345’ as the string ‘B’ in your DB. Thus outsiders won’t be able to identify them very easily. So I’d suggest that you hash your passwords with a custom function myHashMD5() that calls md5() adding the proper “salt”.
    Besides that, in mysql you should compare strings with the operator LIKE, and not =.
    Also, I use the function http://php.net/manual/en/function.mysql-real-escape-string.php for avoiding SQL injection, and your code is vulnerable to it.

    • 0