$this->db->get_where
#1

Hi, Good day.

I found this thing by mistake.
1) Controller Function
Code:
        $id = trim($this->input->post('id'));
        $pw = md5(trim($this->input->post('pwd')));

        $queryResult = $this->userinfo_model->login_user($id, $pw);
2) Model Function
Code:
$query = $this->db->get_where('userinfo', array('id' => $id, 'password' => $pw));
What I found:
a) When $pw is null
Supposed SQL should be:
Code:
select * from userinfo where id = '$id' and password is null;
But the actual SQL is like:
Code:
select * from userinfo where id = '$id';
Is this an issue, or did I make a mistake?
Thanks
#2

I'm not seeing anything in the code which would cause that SQL to be output when calling $this->db->get_where() with those arguments. However, after you've passed $this->input->post('pwd') through trim() and md5(), I don't think you're going to get null (this doesn't explain why 'password' is not in your where clause).

Additionally, you shouldn't be using md5() for passwords. See the PHP manual for details: http://php.net/manual/en/faq.passwords.p...s.fasthash
#3

mwhitney is right: md5() of null (and any other hash) is not null. Make sure you have $pw inside your model.
#4

You should be checking your input for null, and the recommended way to hash passwords now is with the PHP.Net password_hash() method.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
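
Added example, not code from any poster in this thread: plain PHP showing the points raised in replies #2 to #4, namely that md5() of a missing password is never null, an explicit empty-input check, and password_hash()/password_verify() in place of md5(). The `$users` array, the `login_user()` signature and the sample accounts are constructed for illustration, and the upgrade of existing md5 rows on login goes beyond what the thread covers.

```php
<?php
declare(strict_types=1);

// Constructed sample store standing in for the thread's `userinfo` table.
// 'alice' has a password_hash() value, 'bob' still has a legacy unsalted md5.
$users = [
    'alice' => ['password' => password_hash('correct horse', PASSWORD_DEFAULT)],
    'bob'   => ['password' => md5('hunter2')],
];

// Hypothetical login check (not CodeIgniter's API): look the row up by id only,
// then verify the password in PHP instead of putting a hash in the WHERE clause.
function login_user(array &$users, ?string $id, ?string $pwd): bool
{
    // trim() is kept to match the controller in post #1, so old md5 rows still verify.
    $id  = trim((string) $id);
    $pwd = trim((string) $pwd);
    // Reject missing or empty input before touching the store.
    if ($id === '' || $pwd === '') {
        return false;
    }
    if (!isset($users[$id])) {
        return false;
    }
    $stored = $users[$id]['password'];

    // A 32-character hex value is treated as legacy md5; compare in constant time.
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals($stored, md5($pwd))
        : password_verify($pwd, $stored);

    // On success, replace legacy or outdated hashes with a current one.
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$id]['password'] = password_hash($pwd, PASSWORD_DEFAULT);
    }
    return $ok;
}

// md5() of an absent password is the hash of the empty string, so it is not null.
var_dump(md5(trim((string) null)) === null);
var_dump(login_user($users, 'alice', null));            // missing password
var_dump(login_user($users, 'alice', 'correct horse')); // modern hash
var_dump(login_user($users, 'bob', ' hunter2 '));       // legacy md5 row
var_dump(strlen($users['bob']['password']) !== 32);     // row was re-hashed
```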