Saul Tigh - 6 months ago
SQL Question

How can I use bcrypted password in a query?

Before I start, I will state that at the moment I'm stuck with the old mysql API.

I use this function for password creation.

$password = $_POST['password'];
$passwordhashed = password_hash($password, PASSWORD_DEFAULT);


However, now I need to run a query like this one:

$query_f = mysql_query("SELECT fiscal FROM list WHERE password='$password'");


but obviously I can't use $password because in the database it's encrypted with a random salt. So how do I do it?

This is not what I'm actually gonna do. For the reasons I don't wanna bother you with, I would like to know if it's possible and how.

Answer

You don't. Look up the user by some identifier (like a username or email address) and then check if the password field matches with password_verify. You specifically can't look up a user by salted password hash; that would defeat the point of salting.
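
The lookup-then-verify flow the answer describes, as an added example that is not part of the original answer. It uses PDO with an in-memory SQLite database so it runs stand-alone; the `username` column, the `fetchFiscal` helper and the sample row are assumptions, while the `list` table and its `fiscal` and `password` columns come from the question.

```php
<?php
// Added example. Table `list` and columns `fiscal`, `password` are from the question;
// the `username` column, fetchFiscal() and the sample row are assumptions for this demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE list (username TEXT PRIMARY KEY, password TEXT NOT NULL, fiscal TEXT)');

// Registration: store only the hash (it embeds the algorithm, cost and random salt).
$ins = $db->prepare('INSERT INTO list (username, password, fiscal) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'FISCAL-0001']);

// Hash verified when the username is unknown, so both paths do comparable work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

function fetchFiscal(PDO $db, string $username, string $password, string $dummyHash): ?string
{
    // Look the row up by identifier only; the password never appears in the SQL.
    $stmt = $db->prepare('SELECT fiscal, password FROM list WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify re-hashes the input using the salt stored inside the hash.
    $stored = $row ? $row['password'] : $dummyHash;
    $ok = password_verify($password, $stored);
    if (!$row || !$ok) {
        return null; // same result for "no such user" and "wrong password"
    }

    // Upgrade the stored hash if PASSWORD_DEFAULT or its cost has changed since.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE list SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return $row['fiscal'];
}

// Constructed inputs: correct password, wrong password, unknown user.
var_dump(fetchFiscal($db, 'alice', 'correct horse', $dummyHash));
var_dump(fetchFiscal($db, 'alice', 'wrong', $dummyHash));
var_dump(fetchFiscal($db, 'nobody', 'correct horse', $dummyHash));
```

The same parameterized query works against MySQL by changing only the PDO connection string.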
