February 1st, 2013, 03:20 PM
How to Use HashBytes with msSQL/PHP
My client is moving from mySQL to MS SQLSRV, so I'm going thru and updating all the sql statements.
But I need help with this one. The current code uses "SHA1". I understand that sqlsrv needs to use the command "HashBytes", but I can't seem to get it right.
Here is the current code that works with mySQL/PHP.
How can I make this work with MS SQLSRV?
I've tried doing ...Password = HASHBYTES('SHA1', '$pass')"; but I'm missing something. Any help would be greatly appreciated!
February 1st, 2013, 04:11 PM
You're halfway there. HASHBYTES returns actual binary data, not the hex encoding of the bytes like SHA1 does.
a) Convert the passwords to be binary columns and use binary data.
b) Grab the SHA-1 hash using PHP instead of the database.
c) Use CAST/CONVERT after HASHBYTES. Scroll down to the "Binary Styles" section for more.
Also, SHA-1 by itself is not secure. You need to do more with the passwords to keep them safe.
February 4th, 2013, 09:14 AM
Thanks for the direction! Much appreciated.
Originally Posted by requinix
February 4th, 2013, 03:27 PM
In case it wasn't clear, those (a) (b) (c) options were exactly that: options. Not steps. Normally I mention that but this time I didn't. You can pick any one of those to use.