What's faster/better to use: the MySQL or PHP md5 function?

后端 未结 5 1471
[愿得一人]
[愿得一人] 2021-02-19 13:44

I checked the passwords for the users against the DB.

What is faster, the MySQL MD5 function

... pwd = MD5(\'.$pwd.\')

5条回答
  •  太阳男子
    2021-02-19 14:06

    Is performance really an issue here? It's likely to be marginal.

    • Doing it in MySQL makes the DB do more work, which is a good thing
    • Doing it in MySQL means the cleartext password gets passed further along (and the DB connection is often unencrypted).
    • This has nothing to do with SQL injection. You could fix the first version without moving the MD5 function. Also if there was a bug in PHP's MD5 function there's still a possibility of an injection attack.

提交回复
热议问题