dongza1708
2011-04-21 17:54
浏览 352
已采纳

mysql sha256密码哈希编辑疯狂!

I hash my passwords like so;

 hash('sha256', $_POST['password'], date('y/m/d'))

Now say a password that is 'aaa' enters my mysql table like so;

˜4‡mÏ°\±g¥ÂIS륌JÈ›ßWò/    ¯~èð

Now when I go in to edit anything on that row, it will disregard some characters and change it to something along the lines of;

˜4‡mÏ°\±g¥ÂIS륌JÈ›

I have tried changing all the unicode settings for the mysql connection, the database, tables, and the individual row. I am using PDO, and InnoDB.

Am I doing something daft?!?

Thanks.

图片转代码服务由CSDN问答提供 功能建议

我这样哈希我的密码;

  hash('  sha256',$ _POST ['密码'],日期('y / m / d'))
   
 
 

现在说'aaa'的密码进入我的密码 像这样的mysql表;

 〜4‡mÏ°\ _g¥ÂIS륌JÈ>ßWò/¯~èð
   
 \  n 

现在当我进去编辑那一行的任何内容时,它会忽略一些字符并将其改为某些字符;

 〜4‡mÏ°  \ _g¥ÂIS륌JÈ> 
   
 
 

我尝试更改mysql连接,数据库,表格和单个行的所有unicode设置。 我正在使用PDO和InnoDB。

我做了什么蠢事?!

谢谢。

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

3条回答 默认 最新

  • douxia2137 2011-04-21 17:57
    已采纳

    The prototype of the hash function is:

    string hash ( string $algo , string $data [, bool $raw_output = false ] )
    

    You're passing date('y/m/d') as the third argument, resulting in binary output, as the string is interpreted as true.

    You probably want hex output. You should drop that third argument. You probably wanted to integrate the date into the field somehow, which requires concatenation.

    已采纳该答案
    打赏 评论
  • dongya9904 2011-04-21 17:56

    make sure your column has a binary type, or convert your hash to a hex string before inserting it in your db (bin2hex(hash('sha256', …, …));)

    打赏 评论
  • douchen2011 2011-04-21 17:56

    Am I doing something daft?!?

    Yes. You shouldn't really edit a set of bytes manually in phpMyAdmin. It's not a string, you know.

    To ensure the data is ok in DB, ensure your column is of BINARY type and always insert it escaped with mysql_real_escape_string.

    打赏 评论

相关推荐 更多相似问题