Level 54
there is no specify column to compare and md5 return positive value hence always true...
Nov 7, 2019
13
Level 1
Where query using and md5 value - lavavel 5.3
I'm trying to query the database to get the record that matches the unique id for a user.
User::whereRaw(('md5(unique_id)'), $mdid)->first();
This returns the first id in the database, not the intended user
User::whereRaw(('md5(unique_id)'), $mdid)->get();
This returns every user in the database
Any suggestions, thank you!
Level 1
Thank you. I got this to work:
User::whereRaw('md5(unique_id) = "' . $mdId . '"')->first();
Level 75
I don't think that's working the way you think it is.
Level 39
User::where('unique_id', md5($mdid))->first() ?
Level 1
@jlrdw Can you elaborate? I tested it and it's working on my localhost, unless something is different on the live server.
Level 1
@jaytee thanks, but this definitely wouldn't work because $mdid already has md5 applied, this would just be adding md5 to a string with md5 already applied.
Level 5
If you output your query with the method toSql() you will see it does something like
''' Select * from blah where 83y2y26w8383=262626e48 '''
Which column should contain the md5 value? You don't mention the column name here.
Level 54
usually people will stored the encrypted value in table to prevent other to see plain value
User::whereRaw('md5(unique_id) = "' . $mdId . '"')->first();
meant that your unique_id is not md5() value, hence the purpose to use md5() is meaningless... that's why Jaytee answer is proper one, but everyone have their own reason to do so, we can't judge your code as long as you ok with it...
Level 39
I'm confused. Why would you store a plain value in the database, but then hash that value when checking for it? Makes no sense. You wouldn't store a password as a plain value, and then check it by hashing the requested value, because that wouldn't be secure.
Either store the value as a hash, and then check against it by hashing the value, or use plain values. Technically, a user already has a unique id, which is the auto-incrementing id.
Level 1
@jaytee for a unsubscribe link in my emails. I md5 the unique id in the email so that no one knows what the unique id is in my database. Should I really create a new column with a hash value? What's wrong with the way I'm doing it? It doesn't seem like a good idea to give anyone the unique id, maybe I'm wrong, Also seems silly to create a new column with a hash just for an unsubscribe link. I'm literally just learning how to code so I'm open to suggestions. Thanks for your help.
Level 39
Take a look at these links provided. They use a variety of methods, from hashing, encoding, encrypting to randomly generated strings.
https://www.formget.com/unsubscribe-php/ https://stackoverflow.com/questions/17142935/how-to-generate-unsubscribe-link-for-newsletter https://stackoverflow.com/questions/49091772/proper-way-to-set-unsubscribe-link-from-a-sent-email-to-users https://stackoverflow.com/questions/36155711/php-unsubscribe-script-with-hash. https://stackoverflow.com/questions/29041912/secure-unsubscribe-link-how-much-encryption-is-enough
The problem with hashing it in the email is that you have no saved value to compare it against.
Level 1
@jaytee - thanks, I'll read these. When I use this query I'm able to take the hashed unique_id from the email and search for the record in my db table. That's why I'm wondering, do I even need a hashed value in the table?
User::whereRaw('md5(unique_id) = "' . $mdId . '"')->first();
Level 39
Nope, you can just use their email address and/or id that's already stored
Please or to participate in this conversation.