[thelist] don't know what this SQL does...
David Bindel
dbindel at austin.rr.com
Sat Aug 30 15:16:51 CDT 2003
thelist-bounces at lists.evolt.org wrote:
> UPDATE authuser SET passwd=password('$password')
>
> OK, will I sort of know waht it does.
>
> But I never saw that passwd=password('$password') command before
>
> Can someone explain it to me?
PASSWORD() is a MySQL function that hashes (encrypts) a string so as not
to be stored in plain text. If you don't encrypt passwords, if your
database is cracked into to, the cracker will have very easy access to
all the passwords that are stored.
$password gets the value of the $password variable from your PHP script.
So if $password = 'money',
then "PASSWORD('$password')"
is equivalent to "PASSWORD('money')".
HTH,
David
--
David I. Bindel
Website Development
dbindel at austin.rr.com
www.davidbindel.com
More information about the thelist
mailing list