The code below is unable to find a matching record when it “should”:
$result = mysql_query("SELECT * FROM $tbl_Name WHERE userID = '$userID' AND userKey = password('$user_password')"); // where $user_password = god12345 for example
userID comparison works fine if I remove the AND….
password comparison fails above. I am certain that when the user was created the password was hashed using password().
If I set $user_password to the actual hash stored in the data and compare literals, it works.
… AND userKey = '$user_password' // where $user_password = *29A59C23ED11F7E2510 for example
This is destroying me. Obviously I don’t want to compare literals.
Thanks to everyone who answered, particularly Mathieu who inspired me to realize my error.
As of MySQL 4.1, the PASSWORD() function has been modified to produce a longer 41-byte hash value.
So the problem was… the value stored in the dbase when I created the user was limited to 20 characters while the inputted value for login comparison was a longer 41-byte hash value.
Prior to MySQL 4.1, password hashes computed by the PASSWORD() function are 16 bytes long.
I was expecting the varchar(20) to hold all of the hash since the book I’m using as a guide was written in 2000… time to buy a new book.
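The mismatch described above can be reproduced without a database. This is an added example, not code from the original post: it recomputes the MySQL 4.1+ PASSWORD() value in PHP ('*' followed by the uppercase hex of SHA1(SHA1(password))), truncates it the way a varchar(20) column does when strict SQL mode is off, and classifies stored values by shape so truncated rows can be found. The function names are hypothetical and the stored value is constructed by truncation.

```php
<?php
// Added example: function names are hypothetical, sample data is constructed.

/** MySQL 4.1+ PASSWORD(): '*' followed by uppercase hex of SHA1(SHA1(password)). */
function mysql41_password(string $password): string
{
    return '*' . strtoupper(sha1(sha1($password, true)));
}

/** What a column of the given width keeps when strict SQL mode is off. */
function store_in_varchar(string $value, int $width): string
{
    return substr($value, 0, $width);
}

/** Classify a stored value by shape so truncated rows can be located. */
function classify_stored_hash(string $stored): string
{
    if (preg_match('/^\*[0-9A-F]{40}$/', $stored)) {
        return 'complete 4.1 hash';
    }
    if (preg_match('/^[0-9a-f]{16}$/', $stored)) {
        return 'complete pre-4.1 hash';
    }
    if (preg_match('/^\*[0-9A-F]{0,39}$/', $stored)) {
        return 'truncated 4.1 hash';
    }
    return 'unrecognised';
}

$password = 'god12345';                    // sample password from the post
$full     = mysql41_password($password);   // 41 characters
$stored   = store_in_varchar($full, 20);   // constructed: what varchar(20) kept

printf("computed : %s (%d chars)\n", $full, strlen($full));
printf("stored   : %s (%d chars)\n", $stored, strlen($stored));

// This is the comparison the WHERE clause performs: full hash vs. truncated column.
printf("userKey = PASSWORD(...) matches: %s\n", hash_equals($stored, $full) ? 'yes' : 'no');
printf("stored value is: %s\n", classify_stored_hash($stored));

// The literal quoted in the post has the same shape: '*' plus 19 hex digits.
printf("post's literal is: %s\n", classify_stored_hash('*29A59C23ED11F7E2510'));
```

With strict SQL mode enabled, the original INSERT would have been rejected as too long for the column instead of being silently truncated, which surfaces the problem when the user is created rather than at login.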