dousi4900 2013-07-22 20:53
浏览 115

如何加密插入MySQL表的密码? [重复]

This question already has an answer here:

I have some code to register that works, but I don't know how to hash the password. I want to use sha512.

$con=mysqli_connect("localhost","root","","users");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$sql="INSERT INTO users (username, password, email)
VALUES
('$_POST[username]','$_POST[password]','$_POST[email]')";

if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Thank you.";

mysqli_close($con);

I am aware of my mysql login having no password. This is a local mysql server just used for tests.

</div>
  • 写回答

5条回答 默认 最新

  • dpj775835868 2013-07-22 20:57
    关注

    You can use the hash() function to hash your password:

    $hashed_password = hash('sha512', $_POST['password']);

    Then modify your insert statement to insert your hashed password into the database:

    INSERT INTO users (username, password, email)
VALUES ('$_POST[username]', '$hashed_password', '$_POST[email]');

    Be aware that your SQL statement is vulnerable to SQL injection since you are using unsanitized user input. For improved security and to protect the integrity of your data, please consider escaping and validating the input before using it in an SQL statement. One way to accomplish this is via mysqli_real_escape_string():

    $escaped_username = mysqli_real_escape_string( $con, $_POST['username'] );
$escaped_email = mysqli_real_escape_string( $con, $_POST['email'] );
    评论

报告相同问题?

悬赏问题

  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码
  • ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效
  • ¥15 悬赏!微信开发者工具报错,求帮改