Hi, I'm reading a tutorial about creating a simple discussion board(on pixel2life.com), and I was kinda confused about this sql statement in his code:
php Code:
// SQL statement $sql =
"SELECT `id` FROM `".SUFFIX.
"user` WHERE ((md5(`username`) = '".
md5($username).
"') && (`password` = '".
md5($password).
"')) LIMIT 1";
The suffix thingy is defined, if you want to have more than 1 forum on the same db.
But the thing that's confusing me is the
Code:
(md5(`username`) = '".md5($username)."')
The $username will be the $_POST['username'] value, that the user logs in with.
If he md5 that value, it will be something like 13057235ngw8tg34g.
Then he md5 the value of the username row in the db. And if it matches the value of the $_POST input, the value of the username row have to be... the actual username.
So what's the point in md5'ing it? Because he's still storing the username in the db without any hash...? :confused: :confused: :confused: :confused: :confused: :eek:
Join the friendly bunch on IRC...
SQL Query??
Threaded Mode
