PHP Password Salt and Pepper using sha1 MD5 Hash

battery salt and pepper shakers

Adding salt to passwords has become a very popular topic. In this tutorial we will look at adding more then just a little salt in hope to make the passwords stored in the database a lot more complicated to break.

What we aim to do is change “HelloKitty” into “bd6656780b4fcad95b4326dd6ee46cbcdb4d8a”.
Continue reading

Injection Prevention – looping mysql_real_escape_string()

Most of my sites I build use MySQL and PHP. Most of the sites are interactive and need input from users. This opens up a big security hole where hackers can use a simple ploy called a SQL Injection and insert some nasty code. In the blog post MySQL Tutorial – SQL Injection covers the mysql_real_escape_string() PHP command which helps reduce the risk.
Continue reading