dongza1708
dongza1708
2011-04-21 17:54
浏览 185
已采纳

mysql sha256密码哈希编辑疯狂!

I hash my passwords like so;

 hash('sha256', $_POST['password'], date('y/m/d'))

Now say a password that is 'aaa' enters my mysql table like so;

˜4‡mÏ°\±g¥ÂIS륌JÈ›ßWò/    ¯~èð

Now when I go in to edit anything on that row, it will disregard some characters and change it to something along the lines of;

˜4‡mÏ°\±g¥ÂIS륌JÈ›

I have tried changing all the unicode settings for the mysql connection, the database, tables, and the individual row. I am using PDO, and InnoDB.

Am I doing something daft?!?

Thanks.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

3条回答 默认 最新

  • douxia2137
    douxia2137 2011-04-21 17:57
    已采纳

    The prototype of the hash function is:

    string hash ( string $algo , string $data [, bool $raw_output = false ] )
    

    You're passing date('y/m/d') as the third argument, resulting in binary output, as the string is interpreted as true.

    You probably want hex output. You should drop that third argument. You probably wanted to integrate the date into the field somehow, which requires concatenation.

    点赞 评论
  • dongya9904
    dongya9904 2011-04-21 17:56

    make sure your column has a binary type, or convert your hash to a hex string before inserting it in your db (bin2hex(hash('sha256', …, …));)

    点赞 评论
  • douchen2011
    douchen2011 2011-04-21 17:56

    Am I doing something daft?!?

    Yes. You shouldn't really edit a set of bytes manually in phpMyAdmin. It's not a string, you know.

    To ensure the data is ok in DB, ensure your column is of BINARY type and always insert it escaped with mysql_real_escape_string.

    点赞 评论

相关推荐