March 3rd, 2005, 11:23 AM
MySQL to SQL Server and password()
I have an internal Project Management and Scheduling app that I wrote internally for my company. It was written to use MySQL running on a Debian server, but I am going to move it to SQL Server 2000 and integrate it with our Accounting software. The part I am having trouble with is the user login portion. I previously used this:
Apparently the password() function is not available when accessing SQL Server via ODBC. Is there an equivalent function I could use isntead so the passwords arent plaintext in the database? I only have 15 people using the system so a blank pwd reset wouldn't be too much trouble.
$sql = "SELECT * FROM users WHERE username = \"$username\" AND user_password = password(\"$password\")";
March 3rd, 2005, 11:41 AM
I cannot remeber any thing on top of my head but you
probably need to post your question in a databse forum as
March 3rd, 2005, 11:55 AM
From the MySQL manual:
Be smart, use the standard MD5 function which is available in most databases.
Or take the relevant code from mysql's source and make an UDF for your db ...
Comments on this post
Last edited by pabloj; March 3rd, 2005 at 11:57 AM.
March 3rd, 2005, 12:55 PM
Interesting. I had never known that password() was a bad function to use. Time to move to md5() I guess.
Edit: md5() doesn't seem to work in MsSQL...
March 3rd, 2005, 03:07 PM
I suppose it might be better if I used a php based encryption function instead of using one that depends on the type of db backend I pick.
March 3rd, 2005, 05:24 PM
Function MD5() in php is good, there is encrypt function too.
March 4th, 2005, 04:01 AM
You can find the md5 function (UDF) for MsSQL here
March 4th, 2005, 11:33 AM
I just set it up to encrypt the password before creating the query.