php 将密码以 md5 格式插入数据库?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15434701/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
insert password into database in md5 format?
提问by James Tanner
can anyone please show me or explain how i can insert a password into a database in md5 format? even if you can just point me in the right direction or something i'd be grateful because I'm only new to mysql thanks.
任何人都可以向我展示或解释我如何以 md5 格式将密码插入到数据库中吗?即使你能指出我正确的方向或什么,我也会很感激,因为我只是 mysql 的新手,谢谢。
$query="INSERT INTO ptb_users (id,
user_id,
first_name,
last_name,
email )
VALUES('NULL',
'NULL',
'".$firstname."',
'".$lastname."',
'".$email."',
'".$password."'
)";
mysql_query($query) or dieerr();
$result = mysql_query("UPDATE ptb_users SET ptb_users.user_id=ptb_users.id");
采纳答案by John Woo
回答by Darren
Don't use MD5as it is insecure. I would recommend using SHAor bcryptwith a salt:
不要使用,MD5因为它不安全。我会建议使用SHA或bcrypt使用salt:
SHA256('".$password."')
回答by symcbean
Darren Davies is partially correct in saying that you should use a salt - there are several issues with his claim that MD5 is insecure.
Darren Davies 说你应该使用盐是部分正确的 - 他声称 MD5 不安全有几个问题。
You've said that you have to insert the password using an Md5 hash, but that doesn't really tell us why. Is it because that's the format used when validatinb the password? Do you have control over the code which validates the password?
您已经说过您必须使用 Md5 哈希插入密码,但这并没有真正告诉我们原因。是因为这是验证密码时使用的格式吗?您是否可以控制验证密码的代码?
The thing about using a salt is that it avoids the problem where 2 users have the same password - they'll also have the same hash - not a desirable outcome. By using a diferent salt for each password then this does not arise (with very large volumes of data there is still a risk of collisions arising from 2 different passwords - but we'll ignore that for now).
使用 salt 的好处在于它避免了 2 个用户具有相同密码的问题——他们也将拥有相同的哈希值——这不是理想的结果。通过为每个密码使用不同的盐,就不会出现这种情况(对于大量数据,仍然存在由 2 个不同密码引起的冲突风险 - 但我们现在将忽略它)。
So you can aither generate a random value for the salt and store that in the record too, or you could use some of the data you already hold - such as the username:
因此,您可以为盐生成一个随机值并将其存储在记录中,或者您可以使用您已经拥有的一些数据 - 例如用户名:
$query="INSERT INTO ptb_users (id,
user_id,
first_name,
last_name,
email )
VALUES('NULL',
'NULL',
'".$firstname."',
'".$lastname."',
'".$email."',
MD5('"$user_id.$password."')
)";
(I am assuming that you've properly escaped all those strings earlier in your code)
(我假设您已经在代码中正确地转义了所有这些字符串)
回答by Martin
if you want to use md5 encryptioon you can do it in your php script
如果你想使用 md5 encryptioon 你可以在你的 php 脚本中做到
$pass = $_GET['pass'];
$newPass = md5($pass)
and then insert it into the database that way, however MD5 is a one way encryption method and is near on impossible to decrypt without difficulty
然后以这种方式将其插入数据库,但是 MD5 是一种单向加密方法,几乎不可能毫无困难地解密
回答by bstrx
You can use MD5() in mysql or md5() in php. To use salt add it to password before running md5, f.e.:
您可以在 mysql 中使用 MD5() 或在 php 中使用 md5()。要使用 salt 在运行 md5 之前将其添加到密码中,fe:
$salt ='my_string';
$hash = md5($salt . $password);
It's better to use different salt for every password. For this you have to save your salt in db (and also hash). While authentication user will send his login and pass. You will find his hash and salt in db and find out:
最好为每个密码使用不同的盐。为此,您必须将盐保存在 db(以及哈希)中。而身份验证用户将发送他的登录名和通行证。你会在 db 中找到他的 hash 和 salt 并找出:
if ($hash == md5($salt . $_POST['password'])) {}
