Welcome Guest, Not a member yet? Register   Sign In

Blush Hi, Good day.

I found this thing by mistake.
1) Controller Function
        $id = trim($this->input->post('id'));
        $pw = md5(trim($this->input->post('pwd')));

        $queryResult = $this->userinfo_model->login_user($id, $pw);
2) Model Function
$query = $this->db->get_where('userinfo', array('id' => $id, 'password' => $pw));
What I found:
a) When $pw is null
Supposed SQL should be:
select * from userinfo where id = '$id' and password is null;
But the actual SQL is like:
select * from userinfo where id = '$id';
Is this an issue or I made any mistake??

I'm not seeing anything in the code which would cause that SQL to be output when calling $this->db->get_where() with those arguments. However, after you've passed $this->input->post('pwd') through trim() and md5(), I don't think you're going to get null (this doesn't explain why 'password' is not in your where clause).

Additionally, you shouldn't be using md5() for passwords. See the PHP manual for details: http://php.net/manual/en/faq.passwords.p...s.fasthash

mwhitney is right: md5() of null (and any other hash) is not null. Make sure you have $pw inside your model.

You should be checking you input for null and then the recommended way to hash passwords now is with the PHP.Net password_hash() method.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )

Theme © iAndrew 2016 - Forum software by © MyBB