使用PDO准备语句插入密码哈希 [英] Insert password hash using PDO Prepared Statements

问题描述

在基本的mysql插入中，您可以设置密码变量'PASSWORD($ password)'，但这会破坏PDO语句.

In a basic mysql insert you are able to set a password variable 'PASSWORD($password)' but this breaks a PDO statement.

在使用pdo :: prepare和pdo :: execute时如何哈希密码?

How do you hash the password while using pdo::prepare and pdo::execute?

$sql= "INSERT INTO contractors (userid, password, name) VALUES ('$userid', '$pass1', '$name')";
$result = $dbh->prepare($sql);
$count = $result->execute();

Echo $count."<br>";

我就是n00b，一个简单的注册页面花了我两天时间.欢迎幼儿园的答案.

I am such a n00b, a simple registration page has taken me two days. Kindergarten answers are welcomed.

谢谢

推荐答案

如果要使用MD5进行哈希处理，可以在构造SQL语句之前使用密码进行以下操作:

If you wanted to hash using MD5, you could do the following with the password before constructing the SQL statement:

$pass1 = md5($pass1);
$sql = "INSERT INTO contractors ( userid, password, name ) VALUES ( '$userid', '$pass1', '$name' )";
$result = $dbh->prepare($sql);
$count = $result->execute();

echo $count."<br>";

即使是另一个哈希函数，其想法也是相同的.在构造SQL语句之前先对密码进行哈希处理.

The idea is the same even if it is another hash function. Hash the password before constructing the SQL statement.

以 Fiarr 和 VoteyDisciple 在下面的评论中指出，选择SHA哈希是因为它更安全.

As Fiarr and VoteyDisciple have noted in the comments below, opt for a SHA hash as it is more secure.

sha1()

这篇关于使用PDO准备语句插入密码哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！