Mark Hensler — Tue, 23 Jul 2002 16:53:28 +0000

In the decode() function, do not put the field name in quotes.

UPDATE user SET password=ENCRODE("joyce", "seed") WHERE email='$email'

SELECT DECODE(password, "seed") as password FROM user WHERE email='$email'

Peter J. Boettcher — Mon, 22 Jul 2002 12:35:23 +0000

Are you using the BLOB column type to save the encoded value? I think you have to use that type of column to save encoded data and be able to decode it.

ROB — Mon, 22 Jul 2002 01:37:42 +0000

if all you want to do is keep the password from being readable in plain text, use the PASSWORD() function.

something like this should work, although i dont have time to test it:

INSERT INTO users(name,password) VALUES('my name',PASSWORD('my password'));

//validate the password
// 'entered password' is the password supplied by the user
SELECT COUNT(*) AS passok FROM users WHERE username='my name' AND password = PASSWORD('entered password') LIMIT 1;
// the above query will return 0 for false (bad password) or 1 for true (good password)

or, you can use php's crypt function

$salt = 'AB';

mysql_query("INSERT INTO users(name,password) VALUES('my name','".crypt('my password',$salt)."')");

// now the password is stored encrypted in the database
// to validate a password encrypt what they supply before comparing

$entered_password = crypt($entered_password,$salt);
if($entered_password == $password_in_database) echo 'password ok';
else echo 'password bad';