02-10-2009, 07:13 PM   #1
Bram
encryption and security

Well, I have a bunch of questions to ask, but I will start with this one.

When I read tutorials, articles or topics on the internet about security I often read the following thing:

Code:
<?php
  // escape all data in variables to prevent mysql injection
  $user = mysql_real_escape_string($user);
  $pass = mysql_real_escape_string($pass);
  $pass = md5($pass);
?>
Now my question: is it really necessary to use the mysql_real_escape_string() function when you will md5() or sha1() the password? Because I always thought you use the mysql_real_escape_string() function to escape special characters in a string by using '\'. But when you use md5() or sha1(), the password itself would be completely encrypted, so you wouldn't have to use the mysql_real_escape_string() function?

The code would then become like this:

Code:
<?php
   $user=mysql_real_escape_string($user);
   $pass=md5($pass);
?>
Well, I hope you understand my question, since my English isn't perfect, but I'm working on it. Thanks!
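An added example, not part of the post above or of any reply: it compares the two orderings from the question on constructed passwords, then stores and checks the digest with bound parameters so that neither value needs manual escaping. Assumptions: `addslashes()` stands in for `mysql_real_escape_string()` (which needs a live MySQL connection and was removed in PHP 7.0), the database is an in-memory SQLite opened through PDO, and the table and the `register()`/`login()` helpers are hypothetical names.

```php
<?php
// Added example. addslashes() is a stand-in for mysql_real_escape_string();
// for the quote and backslash characters used below both add the same backslashes.
$samples = ["correct horse", "O'Brien\\2009", 'say "hi"'];  // constructed passwords

foreach ($samples as $pass) {
    $hashOfRaw     = md5($pass);              // second block in the post: hash as typed
    $hashOfEscaped = md5(addslashes($pass));  // first block in the post: escape, then hash

    // md5() returns 32 lowercase hex characters, so there is nothing left to escape.
    $hexOnly   = preg_match('/\A[0-9a-f]{32}\z/', $hashOfRaw) === 1;
    $escapeNop = addslashes($hashOfRaw) === $hashOfRaw;

    // Escaping first changes the hashed bytes whenever the password contains
    // a quote or backslash, so both code paths must use the same ordering.
    printf("%-14s hex-only=%s escape-is-noop=%s same-digest=%s\n",
        $pass,
        var_export($hexOnly, true),
        var_export($escapeNop, true),
        var_export($hashOfRaw === $hashOfEscaped, true));
}

// Bound parameters keep data out of the SQL text entirely.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_md5 TEXT)');

function register(PDO $db, string $user, string $pass): void
{
    $st = $db->prepare('INSERT INTO users (name, pass_md5) VALUES (?, ?)');
    $st->execute([$user, md5($pass)]);
}

function login(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT pass_md5 FROM users WHERE name = ?');
    $st->execute([$user]);
    $stored = $st->fetchColumn();   // false when the user does not exist
    return is_string($stored) && hash_equals($stored, md5($pass));
}

register($db, "O'Brien", "it's\\secret");                      // constructed account
var_dump(login($db, "O'Brien", "it's\\secret"));               // matching password
var_dump(login($db, "O'Brien", addslashes("it's\\secret")));   // escaped copy hashes differently
var_dump(login($db, "x' OR '1'='1", "anything"));              // treated as a plain name
```

`md5()` is kept here only to match the post; PHP's `password_hash()` and `password_verify()` are the purpose-built functions for stored passwords.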