www.webdeveloper.com
Results 1 to 7 of 7

Thread: concatenate a MD5 string with another

  1. #1
    Join Date
    Dec 2009
    Location
    UK
    Posts
    30

    concatenate a MD5 string with another

    Hello people

    I Have a MySQL query that i want to send to a different page. To make it secure before it is sent I am MD5()ing the string. Then sending the data using sessions.

    When the second page receives the string i want to add a new string to the end of the MD5() string. Basically to change the where clause

    Not sure if MD5 is the best way to encrypt or if there is a better way to move variables other than a session.

    PHP Code:
    //First page.
    session_start();

    $q "SELECT Field_1, Field_2 FROM `some_table`";

    $_SESSION['query'] = md5($q); 
    PHP Code:
    //Second Page
    session_start();
    $q $_SESSION['query'];

    $query $q " WHERE Field_1='123';";
        
        
    $run = @mysqli_query($dbc$query);
               
    //get info from database..... 
    Any ideas would be very appreciated!

    Thanks

    Joe

  2. #2
    Join Date
    Dec 2005
    Posts
    2,984
    Not a chance.

    You're query would then look something like this:

    Code:
    mysqli_query($dbc,"ce8e8a7847e4d4837d6c8d4d3b8898cc  WHERE Field_1='123';"
    That makes no sense to a database or anything/body else.

    Maybe it would help more if you told us what you were trying to accomplish?
    Why cant you build the entire query on a single page?
    I've switched careers...
    I'm NO LONGER a scientist,
    but now a web developer...
    awesome.

  3. #3
    Join Date
    Dec 2009
    Location
    UK
    Posts
    30
    I'm updating a login script i made in college. I only want to enter the query once (selecting the fields and table).

    So I have 1 page for the form, and initial selecting of the user from the DB.
    Then a second that i include at the top of each page that checks if the sessions are active and the user is still in the database. Maybe i do not need the query in second page?

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    18,923
    Regardless of whether you need to store a query in the session data (I'm not convinced that should be the case), you probably do not need to encrypt it since it stays on the server (only the session ID is sent to the client). If you are concerned that you're on a shared server and someone might be able to view your session data, then you could use your database to store the session data.

    Ultimately, if you do need to encrypt your data, you need to use an encryption function rather than a hashing function such as md5().
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  5. #5
    Join Date
    Dec 2009
    Location
    UK
    Posts
    30
    I have been wondering about how sessions are shown on the client side. So there is no way that a user can access the data stored in a session?

    the reason i only want to enter the query once (as a variable) is so I can use the same login script for multiple login areas on the same site. Other wise I will have to duplicate all the login pages just to change one line of query information.

    any ides on how this could be better accomplished?

  6. #6
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    18,923
    Quote Originally Posted by kingafrojoe View Post
    I have been wondering about how sessions are shown on the client side. So there is no way that a user can access the data stored in a session?
    No, the session data is never sent to the client, only the session ID cookie is.
    the reason i only want to enter the query once (as a variable) is so I can use the same login script for multiple login areas on the same site. Other wise I will have to duplicate all the login pages just to change one line of query information.

    any ides on how this could be better accomplished?
    Not 100% sure why you want to do that, but it seems to me more like something you would do in a config file that you could then include/require wherever you might need it, either setting that query string as a variable or constant, or defining a function to handle it where you could pass the WHERE clause as a function argument.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  7. #7
    Join Date
    Jun 2010
    Posts
    3
    Do you just want to keep the user logged in on your site while he/she goes from page to page? You could store that info into either a session variable or a cookie. If you do store passwords, always hash them (in the DB and session var or cookie), either using MD5 or there are others as well with more complex encryption.

    If you absolutely need to have the login script displayed in parts on each page, then as NogDog mentioned you could include a template file in each page, with arguments, like:

    include 'http://mysite.com/file.php?arg1=1&arg2=2';

    Then parse the arguments within the 'file.php' file.

    See here Example #3

    Always remember to strip out potentially dangerous data from inputs ($_POST and $_GET). Use the mysql_real_escape_string() function to do so.

    ---
    Look up a hash value, convert timestamps or convert numeral bases.
    devut.com

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles