HomeBuilding Your WebsiteWeb Database Development

encode && decode

joyce posted this at 01:16 — 22nd July 2002.

They have: 164 posts

Joined: Nov 2001

hi, tried to use the encode and decode function in mysql.

i managed to encode my password but i have problems with decoding it.

my page requires user to login b4 they can browse the page. i didnt' manage to decode the password becos each time i login, it prompt me incorrect password.

this is how i encode and decode password:

update user set password = encode("joyce", "abc") where email = '$email'

SELECT decode("login_pass", "abc"), login_name FROM user where email = '$email'
'

pls advice..

ROB posted this at 01:37 — 22nd July 2002.

They have: 447 posts

Joined: Oct 1999

if all you want to do is keep the password from being readable in plain text, use the PASSWORD() function.

something like this should work, although i dont have time to test it:

INSERT INTO users(name,password) VALUES('my name',PASSWORD('my password'));

//validate the password
// 'entered password' is the password supplied by the user
SELECT COUNT(*) AS passok FROM users WHERE username='my name' AND password = PASSWORD('entered password') LIMIT 1;
// the above query will return 0 for false (bad password) or 1 for true (good password)
'

or, you can use php's crypt function

$salt = 'AB';

mysql_query("INSERT INTO users(name,password) VALUES('my name','".crypt('my password',$salt)."')");

// now the password is stored encrypted in the database
// to validate a password encrypt what they supply before comparing

$entered_password = crypt($entered_password,$salt);
if($entered_password == $password_in_database) echo 'password ok';
else echo 'password bad';
'

Peter J. Boettcher posted this at 12:35 — 22nd July 2002.

Peter J. Boettcher's picture

They have: 812 posts

Joined: Feb 2000

Are you using the BLOB column type to save the encoded value? I think you have to use that type of column to save encoded data and be able to decode it.

PJ | Are we there yet?
pjboettcher.com

Mark Hensler posted this at 16:53 — 23rd July 2002.

Mark Hensler's picture

He has: 4,048 posts

Joined: Aug 2000

In the decode() function, do not put the field name in quotes.

UPDATE user SET password=ENCRODE("joyce", "seed") WHERE email='$email'

SELECT DECODE(password, "seed") as password FROM user WHERE email='$email'
'

Mark Hensler
If there is no answer on Google, then there is no question.

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.