Add MD5 hash to POST code

[webguync]

what would be the correct way to add an MD5 has to the following POST code?

 

$_POST['pass'] = mysql_real_escape_string($_POST ['pass']);
'".$_POST ['pass']."',

 

thanks in advance!

[Pikachu2000]

What do you mean by "add" it?

[webguync]

I am trying to get the posted Password info to appear as an MD5 hash when inserted into the DB.

 

I tried this, but get a syntax error.

 

$_POST['pass'] = mysql_real_escape_string($_POST MD5( ['pass']));
'".$_POST MD5(['pass'])."',

[jim_keller]

$_POST['pass'] = md5($_POST['pass']);

 

you don't need mysql_real_escape_string since MD5 will always return alphanumeric characters.

[Minimeallolla]

well since it is going into the database you might wanna just incase.

[revraz]

No need if it's being hashed.

[Pikachu2000]

well since it is going into the database you might wanna just incase.

 

As already stated, there is no need to do so, and it can actually be problematic to escape data that will be hashed. Here's why:

 

include('db_conn.php');
$string = "This \string\ is Bob's.";
echo md5($string) . " Hash of: $string";
echo '<br>' . md5(mysqli_real_escape_string($dbc, $string)) . " Hash of: " . mysqli_real_escape_string($dbc, $string);

 

The above returns this result. Make note that the hashed values do not match because the escaped string is different from the original.

Hash:  58d026576a486ce984336c666a941e0a  $string: This \string\ is Bob's.
Hash:  ad29428d5e650e5fa47d03f8ff21222a     Escaped $string: This \\string\\ is Bob\'s.