Home/ Questions/Q 8269459
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T06:13:59+00:00

I’m not exactly sure on the correct technical wording, so excuse my title, but

  • 0

I’m not exactly sure on the correct technical wording, so excuse my title, but here’s the problem. I have a MySQL database, and in the user table I have *user_name*, a *password_salt*, and an md5 password containing the password then salt. In a program, users connect and I get one query to send to validate a user.
When a user connects I need a way of selecting their user_name, and comparing the given password to the stored password, which requires retrieving the salt somewhere in the WHERE statement (I guess).

This is my hypothetical “example”:

SELECT user_name 
FROM users 
WHERE user_name='$nick' AND 
      password = md5(CONCAT('$md5pass', md5((select password_salt FROM users where user_name='$nick')))) 
LIMIT 1

Resolution Update: Got it working, thanks for the suggestions, a normal select sufficed, the problem was that the sql-auth api wasn’t receiving the password unless the port was specified.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Actually you can freely use any column from table declared in “FROM” clause not only in “SELECT” clause, but also in “WHERE” clause, so I don’t see a need to subquery here. Let it be simply:

    SELECT user_name 
FROM users 
WHERE user_name='$nick' AND 
      password = md5(CONCAT('$md5pass', md5(password_salt))) 
LIMIT 1

    This way a row is selected only if it matches both:
    – user name is correct
    – the password in row matches given password

    I am not sure though if I used md5() functions correctly. I copied your example.

    • 0