[thelist] don't know what this SQL does...

David Bindel dbindel at austin.rr.com
Sat Aug 30 15:16:51 CDT 2003


thelist-bounces at lists.evolt.org wrote:
> UPDATE authuser SET passwd=password('$password')
> 
> OK, well I sort of know what it does.
> 
> But I never saw that passwd=password('$password') command before.
> 
> Can someone explain it to me?

PASSWORD() is a MySQL function that hashes (encrypts) a string so that it
is not stored in plain text.  If you don't encrypt passwords and your
database is cracked into, the cracker will have very easy access to
all the passwords that are stored.

$password gets the value of the $password variable from your PHP script.

So if $password = 'money',
then "PASSWORD('$password')"
is equivalent to "PASSWORD('money')".

HTH,
David

-- 
    David I. Bindel
  Website Development
 dbindel at austin.rr.com
  www.davidbindel.com
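
An added example, not part of the original post: it shows the string PHP builds from the quoted statement (including what a quote character inside $password does to it), next to a form that binds the value as a parameter and hashes it in PHP with password_hash() instead of MySQL's PASSWORD(), a function that was removed in MySQL 8.0. The uname column, the WHERE clause, the sample rows and the in-memory SQLite database (used so the script runs offline) are assumptions; only authuser and passwd come from the thread.

```php
<?php
// Added example. Constructed sample data; 'uname' is a hypothetical key column.
// SQLite in memory stands in for MySQL so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authuser (uname TEXT PRIMARY KEY, passwd TEXT)');
$db->exec("INSERT INTO authuser (uname, passwd) VALUES ('alice', ''), ('bob', '')");

// 1. The statement from the thread: PHP substitutes the variable into the
//    string before the database ever sees it.
function interpolated_sql(string $password): string
{
    return "UPDATE authuser SET passwd=password('$password')";
}

echo interpolated_sql('money'), "\n";
// A quote inside the value closes the SQL string literal early, so the
// database parses the rest of the password as SQL text.
echo interpolated_sql("o'clock"), "\n";

// 2. Bound parameters keep the value out of the SQL text entirely, and
//    password_hash() produces a salted, deliberately slow hash.
function set_password(PDO $db, string $user, string $password): int
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE authuser SET passwd = :hash WHERE uname = :user');
    $stmt->execute([':hash' => $hash, ':user' => $user]);
    return $stmt->rowCount(); // number of rows changed
}

// Verification re-derives the hash from the stored salt and parameters.
function check_password(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT passwd FROM authuser WHERE uname = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

printf("rows updated: %d\n", set_password($db, 'alice', "o'clock"));
var_dump(check_password($db, 'alice', "o'clock")); // correct password
var_dump(check_password($db, 'alice', 'money'));   // wrong password
var_dump(check_password($db, 'bob', "o'clock"));   // other user, no hash set
```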


