Daniel, I had tried both with and without quotes. Neither work.
Without quotes I get: select password, 1 as auth from acl where username='andrewd' and password = PASSWORD(madonna)1054 : Unknown column 'madonna' in 'where clause' Notice that madonna has not been crypted by the PASSWORD call either. Andrew -----Original Message----- From: Daniel Barton [mailto:[EMAIL PROTECTED]] Sent: Friday, 11 January 2002 2:40 PM To: Necro Cc: [EMAIL PROTECTED] Subject: Re: [PHP-DB] MySQL Result Resource Andrew: Don't put quotes around your MySQL function call. i.e. PASSWORD($password) not 'PASSWORD($password)' p.s. Looking at this thread, it seems like most of the errors you're encountering have nothing to do with md5() or password(), but with syntax, like placement of quotes, or whether they are single quotes or double quotes. I would suggest experimenting with the syntax a bit, to check out what's kosher, and what's not? Check out the PHP manual's sections on 'Resource id's - I think you may find it to be very important to understanding how PHP interacts with databases. Resource ids, which are returned by quite a few function calls, are not classic variables - they need to be manipulated or interpreted before you use them. Cheers, db Necro wrote: > Ok, > > I have tried to go to PASSWORD after none of the suggestions worked out. > > The current statement is: > $arg = "select password, 1 as auth from acl where username='$username' and > password = 'PASSWORD($password)'"; > > But the error I get now is: > select password, 1 as auth from acl where username='andrewd' and password = > 'PASSWORD(madonna)'Resource id #2 > > Any ideas? > > Andrew > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Friday, 11 January 2002 8:56 AM > To: Necro; [EMAIL PROTECTED] > Subject: RE: [PHP-DB] MySQL Result Resource > > Addressed to: "Necro" <[EMAIL PROTECTED]> > [EMAIL PROTECTED] > > ** Reply to note from "Necro" <[EMAIL PROTECTED]> Fri, 11 Jan 2002 > 03:41:43 +1100 > > select password, 1 as auth from acl where (username='andrewd' and > > password=(163e06103a371fd95b21b4a849bb4b91))1064 : You have an error in > your > > SQL syntax near 'a371fd95b21b4a849bb4b91))' at line 1 > > > > Does that help give any idea at all as to what the problem is? > > > > There are no quotes around "163e06103a371fd95b21b4a849bb4b91" The > error occurs where it does because '163e06103' is a valid exponential > notation value for a nubmer, but having an 'a' follow it is not valid. > > My solution would be: > > $Pass = md5( whatever ); # I don't care if you hash just the password > # or the username and password as long as > # you do it the same way as you entered > # the passwords. > > mysql_query( "SELECT password, 1 AS auth " . > "FROM acl " . > "WHERE username = '$username' " . > " AND password = '$Pass' " ); > > But I question what you are doing returning password, so it might work > as well as: > > mysql_query( "SELECT count(*) as Authorized " . > "FROM acl " . > "WHERE username = '$username' " . > " AND password = '$Pass' " ); > > This returns 0 or 1 in a field named Authorized depending on if the > password matches or not. > > You might also want to look at the MySQL PASSWORD() function and not > mess with md5 at all. > > Rick > > Rick Widmer > Internet Marketing Specialists > http://www.developersdesk.com > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- ---------- Dan Barton Terrestrial Program Biologist Asst. Data Manager Point Reyes Bird Observatory http://www.prbo.org [EMAIL PROTECTED] [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
