CodeIgniter Forums
$this->db->get_where - Printable Version




$this->db->get_where - szhuge1 - 07-19-2016

Hi, Good day.

I found this thing by mistake.
1) Controller Function
Code:
        $id = trim($this->input->post('id'));
        $pw = md5(trim($this->input->post('pwd')));

        $queryResult = $this->userinfo_model->login_user($id, $pw);
2) Model Function
Code:
$query = $this->db->get_where('userinfo', array('id' => $id, 'password' => $pw));
What I found:
a) When $pw is null
Supposed SQL should be:
Code:
select * from userinfo where id = '$id' and password is null;
But the actual SQL is like:
Code:
select * from userinfo where id = '$id';
Is this an issue, or did I make a mistake?
Thanks


RE: $this->db->get_where - mwhitney - 07-19-2016

I'm not seeing anything in the code which would cause that SQL to be output when calling $this->db->get_where() with those arguments. However, after you've passed $this->input->post('pwd') through trim() and md5(), I don't think you're going to get null (this doesn't explain why 'password' is not in your where clause).

Additionally, you shouldn't be using md5() for passwords. See the PHP manual for details: http://php.net/manual/en/faq.passwords.php#faq.passwords.fasthash


RE: $this->db->get_where - Avenirer - 07-19-2016

mwhitney is right: md5() of null (and any other hash) is not null. Make sure you have $pw inside your model.


RE: $this->db->get_where - InsiteFX - 07-20-2016

You should be checking your input for null, and the recommended way to hash passwords now is with the PHP.Net password_hash() method.
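
The advice in the replies above (check the input for null, hash with password_hash()), put together as an added example that is not part of the original thread. The `$users` array stands in for the `userinfo` table, `post_field()` is a hypothetical stand-in for `$this->input->post()`, and the account and passwords are constructed sample data.

```php
<?php
// Added example, not code from the thread.
// Constructed sample data: one user whose password was stored with password_hash().
$users = [
    'alice' => ['id' => 'alice', 'password' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

// Hypothetical stand-in for $this->input->post(): null when the field is absent.
function post_field(array $post, string $key): ?string
{
    return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : null;
}

function login_user(array $users, array $post): bool
{
    $id  = post_field($post, 'id');
    $pwd = post_field($post, 'pwd');

    // Reject missing or empty input before any hashing or lookup.
    if ($id === null || $pwd === null || trim($id) === '' || $pwd === '') {
        return false;
    }

    // Look the row up by id only. A password_hash() value carries a random
    // salt, so it cannot be matched in a WHERE clause the way md5() output was.
    $row = $users[trim($id)] ?? null;
    if ($row === null) {
        return false;
    }

    // password_verify() re-derives the hash from the salt stored in the row.
    return password_verify($pwd, $row['password']);
}

// The controller in the first post hashes whatever it receives, so a missing
// 'pwd' field still produces an ordinary hash string rather than null.
$missing = null;
var_dump(md5(trim((string) $missing)) !== null);

var_dump(login_user($users, ['id' => 'alice', 'pwd' => 'correct horse']));
var_dump(login_user($users, ['id' => 'alice', 'pwd' => 'wrong']));
var_dump(login_user($users, ['id' => 'alice'])); // no pwd field submitted
```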