$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
$insert = mysql_query("INSERT INTO users(username, password) VALUES( '".$username."', '".md5($pass)."')");
or
$salt = "zfgse5tfgHk2jdf4hGiuyeV9trejkewQ5kjujPhysftf7agfd";
$pass = crypt($password, "$1$".$salt);
$insert = mysql_query("INSERT INTO users (username, password) VALUES ('".$username."', '".$pass."')");
I am saving form data from a PHP registration form. Which of the above codes is secure? Anything better than these?
Method #1 will totally break everything, you’ll never be able to log in again. Pretty secure (unless you’re not escaping $username, in which case it’s totally worthless), but probably not your intention.
Method #2 will work; but it looks like a little bit of a silly, complicated way of doing something that should be straightforward.
Here’s what I usually use:
where Config::HashSalt is your long, much more random salt string. This needs to be in a class. Here’s an example of the structure: https://github.com/minitech/ReTicket/blob/master/config.php
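
An added example, not the asker's or the answerer's code: the registration insert from the question rewritten with PHP's built-in password_hash() and password_verify(), which generate and store a random salt per user, and with the username passed as a bound parameter instead of being concatenated into the SQL. The in-memory SQLite database, the function names register_user and check_login, and the sample credentials are assumptions made for the demo.

```php
<?php
// Added example. Assumes PHP 5.5+ (password_hash) and the pdo_sqlite
// extension; the database and credentials below are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Hypothetical helper: store a new user with a salted, slow password hash.
function register_user(PDO $db, $username, $password)
{
    // password_hash() picks a fresh random salt for every call and embeds
    // it, with the algorithm and cost, in the string it returns.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Bound parameters keep $username out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $stmt->execute(array(':u' => $username, ':p' => $hash));
}

// Hypothetical helper: return true only when the password matches.
function check_login(PDO $db, $username, $password)
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no such user exists.
    if ($hash === false) {
        return false;
    }
    // password_verify() reads the salt and cost back out of the stored hash.
    return password_verify($password, $hash);
}

// A username containing a quote is stored literally, not parsed as SQL.
register_user($db, "o'brien", 'correct horse battery staple');
register_user($db, 'alice', 'correct horse battery staple');

var_dump(check_login($db, "o'brien", 'correct horse battery staple'));
var_dump(check_login($db, "o'brien", 'wrong password'));
var_dump(check_login($db, 'nobody', 'anything'));

// Two users with the same password still get different stored hashes.
$rows = $db->query('SELECT password FROM users')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows[0] !== $rows[1]);
```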