How to Create and Store Md5 Passwords in MySQL

How do I create and store md5 passwords in mysql

Edit 2017/11/09: Be sure to take a look at the answer from O Jones.

First off MD5 isn't the greatest hashing method you could use for this try sha256 or sha512

That said lets use hash('sha256') instead of md5() to represent the hashing part of the process.

When you first create a username and password you will hash the raw password with some salt (some random extra characters added to each password to make them longer/stronger).

Might look something like this coming in from the create user form:

$escapedName = mysql_real_escape_string($_POST['name']); # use whatever escaping function your db requires this is very important.
$escapedPW = mysql_real_escape_string($_POST['password']);

# generate a random salt to use for this account
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));

$saltedPW =  $escapedPW . $salt;

$hashedPW = hash('sha256', $saltedPW);

$query = "insert into user (name, password, salt) values ('$escapedName', '$hashedPW', '$salt'); ";

Then on login it'll look something like this:

$escapedName = mysql_real_escape_string($_POST['name']);
$escapedPW = mysql_real_escape_string($_POST['password']);

$saltQuery = "select salt from user where name = '$escapedName';";
$result = mysql_query($saltQuery);
# you'll want some error handling in production code :)
# see http://php.net/manual/en/function.mysql-query.php Example #2 for the general error handling template
$row = mysql_fetch_assoc($result);
$salt = $row['salt'];

$saltedPW =  $escapedPW . $salt;

$hashedPW = hash('sha256', $saltedPW);

$query = "select * from user where name = '$escapedName' and password = '$hashedPW'; ";

# if nonzero query return then successful login

insert password into database in md5 format?

use MD5,

$query="INSERT INTO ptb_users (id,
user_id,
first_name,
last_name,
email )
VALUES('NULL',
'NULL',
'".$firstname."',
'".$lastname."',
'".$email."',
MD5('".$password."')
)";

but MD5 is insecure. Use SHA2.

Encryption and Compression Functions
SQLFiddle Demo

Query MySql database with md5 passwords

Try not to use md5 cause it is not safe anymore.
Why are you connecting to the database with user credentials? You should have a password and user, specific for that and use it everywhere you need a DB connection and allow a user to alter the DB only if he passes your login (what you are doing is not safe), in other words those user credentials are for the DB and DB only, and only known by you.
After doing this you can save in a table user related stuff: pass and username encrypted how you want them, make a login that checks the encrypted pass and the DB pass if that is ok then make the queries.

EDIT:

Since you wnat to store the pass in a cookie or session this method will help since you can simply store the encrypted password and check if it is the same as the one in your DB.

Best practices for efficiently storing md5 hashes in mysql

If the column is indexed and you know what you're doing, BINARY(16) for performance reasons.

Otherwise, CHAR(32) is fine. Make sure the column uses the ascii charset though. (ascii_bin for example)

PHP - Validating Password with MD5 and MySQL

Your code is not secure consider using php's password_hash() and password_verify() function and prepared statements!

Maybe change this line.

 $sql = "SELECT * FROM admin WHERE username = '$user' and passcode ='".md5('passcode')."'";

$sql = "SELECT * FROM admin WHERE username = '" . $user . "' and passcode ='".md5($passcode)."'";

In your registration page the line

 $sql = "INSERT INTO `admin` (`username`, `passcode`) VALUES('$user', '".md5('$passcode')."')";

Should be

 $sql = "INSERT INTO `admin` (`username`, `passcode`) VALUES('" . $user . "', '".md5($passcode)."')";

But the md5 is not secure and you should consider using password_hash as said in a comment.

Storing md5 hash of a password in database and comparing it

For flexibility, you should make a function to hash (not encrypt) your password. Also, use a stronger algorithm than md5 (like sha512 used in my example).

function hashPassword($str)
{
        return hash("sha512", $str . "salt");
}

I also recommend using mysql_real_escape_string.

$password_hash = hashPassword($_POST['password']);
$username = mysql_real_escape_string($_POST['username']);

And use an auto_incremented int instead and select it.

mysql> create table users (
-> id int primary key auto_increment,
-> username varchar(20),
-> password char(128));

Then simply compare the returned row with the username and password.

$check = "select id from users where username = '$username' and password = '$password_hash'";
$result = mysql_query($check);

if(mysql_num_rows($result))
{
    echo "<p>Login was successful!</p>\n";
}

To answer your question: yes, comparing a hashed password with a hashed string in the database will work.

how to use md5 encryption for password field in mysql database in coldfusion

md5 is a one way hash, it cannot be reversed.

You should never store decryptable passwords in the database. Store the md5 hash only. When the user tries to login, generate an md5 hash of the plain text password. Then compare it to the md5 hash stored in the db.