I have a mysql table with columns userid, password, hashedpassword. I used to store passwords as plain text in the password column. I now realize that is unacceptable and want to now hash all of them and store them the right way in the hashedpassword field.
You're going to get mad at the script below because it's horrifically inefficient. As you might guess, it timed out on my server. Can someone help an obviously inexperienced programmer with the proper way to update all of these fields in the database? Clearly connecting to the database for EACH record is idiotic :(...
$sql = "SELECT *
FROM users";
$result = mysqli_query($connection, $sql);
if (!$result) {
die("Database query failed: " . mysqli_error($connection));
} else {
while ($row=mysqli_fetch_array($result)) {
$userid=$row['userid'];
$passwordhashed=password_hash($row['password'], PASSWORD_DEFAULT);
$sql = "UPDATE users
SET hashedpassword='$passwordhashed'
WHERE userid='$userid'
LIMIT 1";
$update = mysqli_query($connection, $sql);
if (!$update) {
die("Database query failed: " . mysqli_error($connection));
} else {
//we good
}
}
}