Saul Tigh - 1 year ago
SQL Question

How can I use bcrypted password in a query?

Before I start, I will state that at the moment I'm stuck with the old mysql API.

I use this function for password creation.

$password = $_POST['password'];
$passwordhashed = password_hash($password, PASSWORD_DEFAULT);

However, now I need to run a query like this one:

$query_f = mysql_query("SELECT fiscal FROM list WHERE password='$password'");

but obviously I can't use
because in the database it's encrypted with a random salt. So how do I do it?

This is not what I'm actually gonna do. For the reasons I don't wanna bother you with, I would like to know if it's possible and how.

Answer Source

You don't. Look up the user by some identifier (like a username or email address) and then check if the password field matches with password_verify. You specifically can't look up a user by salted password hash; that would defeat the point of salting.
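
The lookup-then-verify flow described in the answer, as an added example that is not part of the original answer. It uses PDO with an in-memory SQLite database in place of the old mysql API so that it runs stand-alone; the `username` column and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. Assumptions: PDO with an
// in-memory SQLite database stands in for the real MySQL server, and the
// `username` column and the sample rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE list (username TEXT PRIMARY KEY, password TEXT NOT NULL, fiscal TEXT)');

// Registration: store only the hash. Every call picks a fresh random salt.
$insert = $db->prepare('INSERT INTO list (username, password, fiscal) VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'FISCAL-A']);
$insert->execute(['bob',   password_hash('correct horse', PASSWORD_DEFAULT), 'FISCAL-B']);

/**
 * Return the fiscal value for $username if $password matches, otherwise null.
 */
function fetchFiscal(PDO $db, string $username, string $password): ?string
{
    // Look the row up by identifier, never by the password or its hash.
    // The bound parameter also keeps user input out of the SQL text.
    $stmt = $db->prepare('SELECT password, fiscal FROM list WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // For an unknown user, verify against a dummy hash so both paths
    // perform the same hashing work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $hash = $row ? $row['password'] : $dummy;

    if (!password_verify($password, $hash) || !$row) {
        return null;
    }
    return $row['fiscal'];
}

// The same password produced two different stored hashes, which is why
// a WHERE password = ... comparison cannot find the row.
$hashes = $db->query('SELECT password FROM list')->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] === $hashes[1]);

var_dump(fetchFiscal($db, 'alice', 'correct horse'));   // known user, right password
var_dump(fetchFiscal($db, 'alice', 'wrong'));           // known user, wrong password
var_dump(fetchFiscal($db, 'mallory', 'correct horse')); // unknown user
```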
