I’ve got a login script that I’m just starting on. When a new password is entered it is first encrypted using MD5, then stored in the database.
When I type the username and password in my login form and submit it, I’m trying to verify the stored password against a $_POST variable like this:
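    // Hash the submitted password (md5() returns a 32-character hex string)
    $password = md5($_POST['password']);
    //database stuff here (the connection must be open before escaping)
    // Escape the username before it is placed in the query string
    $username = mysql_real_escape_string($_POST['username']);
    $q = mysql_query("SELECT * FROM Users WHERE username='$username'");
    while ($row = mysql_fetch_array($q))
    {
        // Strict comparison, so the two strings are never compared as numbers
        if ($row['password'] === $password)
        {
            echo "Passwords match.";
        }
        else
        {
            echo "Password is incorrect.";
            echo "<br />Entered password: " . $password;
            echo "<br />Stored password: " . $row['password'];
        }
    }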
This is just in the testing stages, so the password that I’m attempting to verify is ‘password’, for simplicity. If I output $_POST['password'], I get password – however, if I output the MD5 hash as stored in the database and md5($_POST['password']), they do not match. The latter has extra characters. Anyone know why this is happening?
Despite the other answers, MD5 as an algorithm does not produce hexadecimal characters at all. MD5 is an operation that is performed on binary data. As output, it returns 16 bytes of binary data.
It’s the PHP function that returns a hexadecimal string. It depends on the way you want to handle the output of the hash if this is what you want. If you store the hash as binary data you might want to use the “raw” output:
    string md5 ( string $str [, bool $raw_output = false ] )
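The raw and hexadecimal forms described in the answer, and the kind of length mismatch the question reports, can be told apart with a small diagnostic. This is an added example, not code from the original question or answer; the function name `diagnose_stored_md5` and every sample value are constructed for illustration, and `hash_equals()` assumes PHP 5.6 or later.

```php
<?php
// Added example, not from the original post. All sample values are constructed.

// Classify how a value read back from storage relates to md5($input).
function diagnose_stored_md5($stored, $input)
{
    $hex = md5($input);        // PHP default: 32 lowercase hex characters
    $raw = md5($input, true);  // raw output: the 16 bytes MD5 itself produces

    if (hash_equals($hex, $stored)) {
        return 'matches the hex digest';
    }
    if (hash_equals($raw, $stored)) {
        return 'matches the raw digest; compare against md5($input, true)';
    }
    if (strcasecmp($hex, $stored) === 0) {
        return 'same hex digest, different letter case';
    }
    if (trim($stored) === $hex) {
        return 'hex digest with surrounding whitespace';
    }
    $n = strlen($stored);
    if ($n > 0 && $n < 32 && strncmp($hex, $stored, $n) === 0) {
        return "hex digest cut off at $n of 32 characters";
    }
    return 'does not match';
}

$hex = md5('password');
$samples = array(
    'hex'       => $hex,
    'raw'       => md5('password', true),
    'uppercase' => strtoupper($hex),
    'truncated' => substr($hex, 0, 20),  // hypothetical too-short column
    'padded'    => $hex . "\n",
    'other'     => md5('Password'),
);

foreach ($samples as $label => $stored) {
    // Only the byte length is printed, so the raw digest never reaches the terminal
    printf("%-9s len=%2d => %s\n", $label, strlen($stored),
        diagnose_stored_md5($stored, 'password'));
}
```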