c_pattle Posted November 5, 2010 Share Posted November 5, 2010 I was just wondering what is the best way to handle passwords using mysql and php. For example if a user is registering (creating a username and password) and then logging in using that password what is the must secure way to handle this. Is it okay to just use password like and other field? Thanks for any help. Quote Link to comment Share on other sites More sharing options...
OldWest Posted November 5, 2010 Share Posted November 5, 2010 I am not sure of your experience with programming with php & mysql. But to answer your first question, there are several ways you can configure your code to be inserted into a database. You want to be sure the data being entered is sanitized - meaning it's free of any characters or symbols that could destroy your database or site files. There are several php functions that do just that. The password should use the php md5() function to create a hash of the password in the database for extra security. Using an SSL connection is also not a bad idea for passing secure data through an http connection. The password field type (in html) should be of type=password .. this will ensure the characters are dotted out for visual security.. Hope this helps some. Quote Link to comment Share on other sites More sharing options...
revraz Posted November 6, 2010 Share Posted November 6, 2010 Salt and MD5 is a good way. You don't really have to sanitize the password, because it is hashed before it gets sent to the database. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.