Password authentication question

I am trying something very simple, to pass the contents of a form (just
username and password) to execute a query on MySQL table. The problem
appears to be the password field.

For example,
username: money
password: penny

If type in the password as penny, it won't authenticate.

I checked the contents of password field in the MySQL table and somehow it's
converted it to a hexdecimal number. I then tried cutting and pasting that
hexadecimal number into the password box and it suddenly works.

What is happening? I am also wondering how to execute a query so the
password penny will match the hexadecimal number so the query returns a
value. Here's the current one below:

$sql="SELECT * FROM user_table WHERE username='".$username."' and
password='".$password."'";

Cheers

Phil

Found this thread using Google groups which sort of explained what is
happening.
http://groups.google.co.uk/groups?hl...Dcomp.lang.php

The bit I can't figure out is how other very similar scripts use the
password fields but they don't get converted to hexadecimal in tables. In my
particular script, the password field is a varchar(25) so should be big
enough to cope.

Need to do some more reading but any pointers will be handy.

Cheers

Phil






"Phil Latio" <phil.latio@f-in-stupid.co.uk> wrote in message
news:VkaUd.3499074$f47.626982@news.easynews.com...
> I am trying something very simple, to pass the contents of a form (just
> username and password) to execute a query on MySQL table. The problem
> appears to be the password field.
>
> For example,
> username: money
> password: penny
>
> If type in the password as penny, it won't authenticate.
>
> I checked the contents of password field in the MySQL table and somehow
it's
> converted it to a hexdecimal number. I then tried cutting and pasting that
> hexadecimal number into the password box and it suddenly works.
>
> What is happening? I am also wondering how to execute a query so the
> password penny will match the hexadecimal number so the query returns a
> value. Here's the current one below:
>
> $sql="SELECT * FROM user_table WHERE username='".$username."' and
> password='".$password."'";
>
> Cheers
>
> Phil
>
>
>
>
>
>
>

Success. I realised it was the way I was adding users to the database that
was causing the encryption.. I took the below statement out of one of Julie
Meloni books.

$sql = "INSERT INTO $table_name (name, username, password)
VALUES(\"$name\",\"$username\",password(\"$passwor d\")) ";

Cheers

Phil

"Phil Latio" <phil.latio@f-in-stupid.co.uk> wrote in message
news:JZaUd.3220716$B07.507976@news.easynews.com...
> Found this thread using Google groups which sort of explained what is
> happening.
>
http://groups.google.co.uk/groups?hl...Dcomp.lang.php
>
> The bit I can't figure out is how other very similar scripts use the
> password fields but they don't get converted to hexadecimal in tables. In
my
> particular script, the password field is a varchar(25) so should be big
> enough to cope.
>
> Need to do some more reading but any pointers will be handy.
>
> Cheers
>
> Phil
>
>
>
>
>
>
> "Phil Latio" <phil.latio@f-in-stupid.co.uk> wrote in message
> news:VkaUd.3499074$f47.626982@news.easynews.com...
> > I am trying something very simple, to pass the contents of a form (just
> > username and password) to execute a query on MySQL table. The problem
> > appears to be the password field.
> >
> > For example,
> > username: money
> > password: penny
> >
> > If type in the password as penny, it won't authenticate.
> >
> > I checked the contents of password field in the MySQL table and somehow
> it's
> > converted it to a hexdecimal number. I then tried cutting and pasting
that
> > hexadecimal number into the password box and it suddenly works.
> >
> > What is happening? I am also wondering how to execute a query so the
> > password penny will match the hexadecimal number so the query returns a
> > value. Here's the current one below:
> >
> > $sql="SELECT * FROM user_table WHERE username='".$username."' and
> > password='".$password."'";
> >
> > Cheers
> >
> > Phil
> >
> >
> >
> >
> >
> >
> >
>
>