0

My requirement is to encrypt a password and update the MySQL database in one go.

This is how I tried to do this. But was not successful.

Is this a good approach?

php:

require_once("conn.php"); //PDO
//I've set all passwords in an array
$values = array ( 
    array ( "studentID"  =>  "SCI164" , "pass" =>  "ABCD12"),
    array ( "studentID"  =>  "GEO24" , "pass" =>  "XYZ1"),
    array ( "studentID"  =>  "SCI112" , "pass" =>  "PQR89")
)
foreach ($values as $temp) {
    foreach($temp as $key => $val){
      $stuID = $key"studentID";
      $rawPass = $key"pass";
      $encPass = md5($rawPass);

      $sql_update = "UPDATE students_db
      set pass = $encPass
      where studentID = $stuID Limit 1";
    }
}
Improve this question
5
  • 2
    if you're already using PDO, then use prepared statements, don't waste its good functionality, and if you're using PHP 5.5 use password hashing or if < 5.5 use the backward compatibility instead Commented Aug 28, 2014 at 6:55
  • you should also read the note on the manual page for the md5 function php.net/md5 Commented Aug 28, 2014 at 6:57
  • 1
    .. and maybe run the actual query Commented Aug 28, 2014 at 6:58
  • @Ghost: Thanks. This is to update a database which is already in use and has its own encryption series. I've used md5 here for illustrative purposes. Commented Aug 28, 2014 at 7:00
  • if you're asking what is a good approach, then use prepared statements. here a tutorial Commented Aug 28, 2014 at 7:03

4 Answers 4

Reset to default
2

This query encrypt all pass value from students_db. 

UPDATE students_db SET pass = MD5(pass)
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Very nice. :) But there is a series of encryption happening. I've used only md5 here for illustrative purpose.
0

You can not use .EDITED $stuID = $key"studentID"; This should give error.

foreach($values as $key=>$val) {
      $sql_update = "UPDATE students_db
      set pass ='". md5($val['pass'])."'
      where studentID =". $val['studentID']."Limit 1";
      echo $sql_update;
    }

single quotes because md5 will return a value like xvm456n334 i.e. alpha numeric.

Improve this answer

1 Comment

foreach ($values as $val) { gives an error Parse error: syntax error, unexpected 'foreach' (T_FOREACH)
0

I am not going into any security issues with any of this, I am not in a position to discuss it however your code should be like this:

require_once("conn.php"); //PDO
//I've set all passwords in an array
$values = array ( 
    array ( "studentID"  =>  "SCI164" , "pass" =>  "ABCD12"),
    array ( "studentID"  =>  "GEO24" , "pass" =>  "XYZ1"),
    array ( "studentID"  =>  "SCI112" , "pass" =>  "PQR89")
)
foreach ($values as $val) {
      $stuID = $val["studentID"];
      $rawPass = $val["pass"];
      $encPass = md5($rawPass);

      $sql_update = "UPDATE students_db
      set pass = $encPass
      where studentID = $stuID Limit 1";
    }
}
Improve this answer

Comments

0

Try to use this and you have to give single quotes around $encPass as pass column would have varchar datatype. 

foreach($values as $value) {
    $stuID = $value["studentID"];
    $rawPass = $value['pass'];
    $encPass = md5($rawPass);

    $sql_update = "UPDATE students_db set pass = '$encPass' where studentID = $stuID Limit 1";
}
Improve this answer

2 Comments

foreach($values as $value) { gives an error Parse error: syntax error, unexpected 'foreach' (T_FOREACH)
try to check your array or update your question with new code.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.