Encrypting Password using md5() function | PHP Tutorial for Beginners

MD5():-
The MD5 message-digest algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. MD5 has been utilized in a wide variety of security applications, and is also commonly used to check data integrity.

In our case it calculet the md5 hash of given string. With the use of md5() you can make your login system more secure.

Here is the Syntax of MD5():-
$user_password="987654";
echo md5($user_password);

Output :- 6c44e5cd17f0019c64b042e4a745412a
It encrypt the string which we have provided.

Example - Login Page

This is example of login page with encrypted password. You have also encrypt password during signup process else user will not able to login.

$user_name=$_POST['user_name'];
$user_password=$_POST['user_password'];

// encrypting password
$encrypted_password=md5($user_password);
$sql="SELECT * FROM $user_details WHERE username='$user_name' and password='$encrypted_password'";
$result=mysql_query($sql);

Hope this php tutorial is useful for you. Keep following Php Tutorial for Beginners for more help.

jQuery show() and hide() Function | PHP Code for Beginners

In this tutorial of php code for beginners we will show you how to use jquery show() and hide() functions.
jQuery show() and hide() are the most common used functions. They are used to show or hide perticular element in the page.

show() – Display the matched elements.
hide() – Hide the matched elements.

<html>

<head>

<script src="http://code.jquery.com/jquery-1.9.1.js"></script>

<style type="text/css">

div{

padding:8px;

margin:10px;

border:1px solid blue;

width:450px;

height:50px;

background-color:blue;

color:white;

}

</style>

</head>

<body>

<h1>jQuery show() and hide() example</h1>

<div>This is jquery show() and hide() example</div>

<button id=show_box>show </button>

<button id=hide_box>hide</button>

<script type="text/javascript">

 $("#show_box").click(function () {

   $("div").show('fast');

});

$("#hide_box").click(function () {

   $("div").hide('slow');

});

$("#reset").click(function(){

location.reload();

});

</script>

</body>

</html>

Hope this php tutorial is useful for you. Keep following Php Tutorials for Beginners for more help.

Preventing SQL Injection | PHP Code For Beginners

If you are spent any serious time developing Web Application, you know the risk of SQL injection. Sql injection is caused when data is inserted into database that hasn’t been properly sanitized. For example, a simple demonstration of SQL injection would be an exploit that give a malicious person administration access to your site.

Say you have an HTML form that requires a username and password. Each of these form fields are named “user” and “pass”, respectively. On backend, the authentication mechanism checks the username and password against the database like this:

SELECT * FROM usertable WHERE username = ‘$user’ AND password = ‘$pass’;

If form data is unsanitized but the user actually inputs proper username and password, then the SQL query works and authentication is granted. However, if someone enters a more malicious string, they can wreak havoc on your system. For example, if user entered a username of user ’OR 1=1;-- and any password then SQL will also be valid and will give the user access to the protected system. The query would actually be run is shown here:

SELECT * FROM usertable WHERE username = ‘user’ OR 1=1;--random password

To understand the practical danger in this query, you have to understand that two dashes (--) is equivalent to the comment. Everything after he – is ignored by MySQL so it doesn’t matter if invalid password is provided. Also, because you haven’t “escaped” the single quote in the username, the single quote becomes the “end” of the value being checked against the username field. Though this is properly invalid as well, it doesn’t matter because the attack adds an OR 1=1 (which is always true) into the query. The query read, “Retrieve the record from usertable where username is ‘user’ or 1=1.” Because 1 is always equals to 1, the SQL always evaluates as true and attacker can access the protected resources or application.

To prevent against a possible SQL injection attack, the WordPress database class provides the $wpdb->prepare () method. It handles data sanitization of SQL statements to prevent against SQL injection,as show in below example. Note that instead of using %d to indicate a numerical replacement, you could use %1$d syntax to indicate, “replace this placeholder with the first replacement value in the format of a number.”

Using the prepare () method to sanitize SQL against SQL Injection attacks.

$sanitized_sql = $wpdb->prepare (“’INSERT INTO my_plugin_table SET field1 = %1$d, field2 = %2$s, field3 = %3$s’, 13, ‘Php code’, ‘Wordpress’);

$wpdb->query ($sanitized_sql);