[thelist] don't know what this SQL does...

David Bindel dbindel at austin.rr.com
Sat Aug 30 15:41:56 CDT 2003

Walter Torres wrote:
> David Bindel wrote:
>> PASSWORD() is a MySQL function that hashes (encrypts) a string so as 
>> not to be stored in plain text.  If you don't encrypt passwords, if 
>> your database is cracked into, the cracker will have very easy 
>> access to all the passwords that are stored.
> So, if this is a MySQL function to encrypt a password, how would you 
> retrieve this password for validation?

You don't.  :-)

You can't decrypt, but you can encrypt other things and then compare the
encrypted values.

To compare the password hash in the database with a password from a
login script (for example), you compare the passwd field in your
database table to PASSWORD('$password').

Here's some example SQL (in PHP):

$sql = "SELECT userid FROM sometable WHERE passwd = PASSWORD('$password')";

That compares the hash stored in the database to the hash of $password
(the user input).

I hope that makes sense... if not, someone else here can probably
explain it better.


    David I. Bindel
  Website Development
 dbindel at austin.rr.com
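
The same store-the-hash, compare-at-login flow, as an added example that is not part of the original post: it swaps MySQL's PASSWORD() for PHP's salted password_hash()/password_verify() and passes user input as bound parameters. The in-memory SQLite database, the `username` column, the function names and the sample credentials are assumptions constructed for illustration; `sometable`, `userid` and `passwd` follow the post.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the MySQL table in the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sometable (
    userid   INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,   -- assumed column, not in the post
    passwd   TEXT NOT NULL)');

// Registration (hypothetical helper): only the salted hash is stored.
function register(PDO $db, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO sometable (username, passwd) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

// Login (hypothetical helper): returns the userid on success, null otherwise.
function login(PDO $db, string $username, string $password): ?int
{
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT userid, passwd FROM sometable WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown user
    }
    // A salted hash differs on every call, so it cannot be matched in a
    // WHERE clause. password_verify() re-hashes the input with the salt
    // stored inside $row['passwd'] and compares in constant time.
    if (!password_verify($password, $row['passwd'])) {
        return null; // wrong password
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($row['passwd'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE sometable SET passwd = ? WHERE userid = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['userid']]);
    }
    return (int) $row['userid'];
}

// Constructed sample data.
register($db, 'walter', 'correct horse battery staple');
var_dump(login($db, 'walter', 'correct horse battery staple')); // matching password
var_dump(login($db, 'walter', 'wrong guess'));                  // non-matching password
var_dump(login($db, "x' OR '1'='1", 'anything'));               // treated as a literal username
```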
