One quick question..

I am trying to see if an MD5 password is the same with the MySQL entry but I fail badly atm. (It works OK on my offline server though..)

Can you please let me know what I am doing wrong in this query:

SELECT * FROM `users` WHERE `username` = '".trim($_POST['username'])."' AND `password` = '".md5(trim($_POST['password']))."' LIMIT 0,1;

Thanks!


Solution

As they have explained in the comments, you want to be using either MySQLi or the MySQL PDO class ... Personally I use PDO, which can help a lot with security, and it's not too hard to get your head around.

Here's a tutorial that helped me: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

If you want to do it the way you have posted, could you post the full PHP MySQL statement, and we may be able to point you in the right direction :D

Oh, and another point, you don't really want to be using MD5 either ... It's really vulnerable to rainbow attacks ... Try using Blowfish with salts ... Here's a tutorial for that: http://www.the-art-of-web.com/php/blowfish-crypt/
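
The two recommendations in the answer above (a PDO prepared statement instead of concatenating $_POST into the query, and a salted Blowfish-based hash instead of MD5), put together as an added example that is not code from the original post. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the function names and sample account are constructed, and PHP's built-in password_hash() with PASSWORD_BCRYPT is used for the salted Blowfish hashing rather than calling crypt() directly.

```php
<?php
// Added example: PDO prepared statements plus bcrypt password verification.
// Assumption: SQLite in memory replaces MySQL here; with MySQL only the DSN
// changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed schema mirroring the `users` table from the question.
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $pdo;
}

function register(PDO $pdo, string $username, string $password): void
{
    // bcrypt is Blowfish-based; password_hash() generates a random per-user
    // salt and stores it inside the returned hash string.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => $hash]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // Select by username only. The value is bound as a parameter, so it is
    // never spliced into the SQL text, and the password never reaches SQL.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    // password_verify() re-derives the hash using the salt stored in $hash
    // and compares in constant time.
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = open_db();
register($pdo, 'alice', 'correct horse battery staple'); // constructed account

// Valid credentials, a wrong password, and a username containing quote
// characters (treated as plain data by the bound parameter).
var_dump(login($pdo, 'alice', 'correct horse battery staple'));
var_dump(login($pdo, 'alice', 'wrong password'));
var_dump(login($pdo, "alice' OR '1'='1", 'anything'));
```

Because each bcrypt hash carries its own salt, the comparison cannot be done in the WHERE clause as in the MD5 query; the row is fetched by username and checked in PHP.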

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow