Well, bonus points for including SQL that doesn't suffer from SQL injection issues, but every one of the suggestions is wrong.
I'm personally confused by this comment:
Note: Using MySQL's password() function in your own applications isn't recommended - the algorithm used has changed over time and prior to 4.1 was particularly weak.
So.. if you know it's not recommended, why even include an example of it?
3 comments
[ 4.3 ms ] story [ 19.2 ms ] threaddon't use sha1 hashes for storing passwords, use bcrypt. http://www.openwall.com/phpass/
or a quick code snippet:
phpsec should update this article with a more secure example.
I'm personally confused by this comment:
So.. if you know it's not recommended, why even include an example of it?