ok how come i cant do this

$bbuserinfo = $sql->query("SELECT * FROM user WHERE password=$ _COOKIE[bbpassword]");


but i can do this

$bbuserinfo = $sql->query("SELECT * FROM user WHERE userid=$ _COOKIE[bbuserid]");


i've looked at my cookies and everything is there, why can i do one, but not the other? and yes this is on a non-vb page

You need to put the passhash in quotes.

you mean like this?

$bbuserinfo = $sql->query("SELECT * FROM user WHERE password=$_COOKIE['bbpassword']");


then i get this error
Can't query: SELECT * FROM user WHERE password=

where normally (without single quotes) i get this error
Can't query: SELECT * FROM user WHERE password= some 25 digit number

i tried it in phpmyadmin and this is the error i got
Unknown column '79ab945544e5bc017a2317b6146ed3aa' in 'where clause'

the query i used was

$bbuserinfo = $sql->query("SELECT * FROM `user` WHERE `password`=$_COOKIE[bbpassword]");

$bbuserinfo = $sql->query("SELECT * FROM user WHERE password = \"" . $_COOKIE['bbpassword'] . "\"");

darn you turtle boy and your always being right :p thanks though :D

Mr_e, it's not smart to post your md5 password hash here. Did you know that you can crack md5 hashes?

It takes exponentially or logarithmically longer to break an md5 hash the longer the original string was, although I do agree that it wasn't wise.

Also Lesane, please shorten your sig to eight lines (you're only allowed eight lines of small text :))

Approximatly how long does it take to crack a unique password which is encrypted in md5? With only the hash available?

I know there are programs that have dictionaries and brute it out, so if the password is apple, and since apple is present in the dictionary it will compare and tell you. Im really not sure how long, the method of cracking unique passwords.

Do not get me wrong, I do not want to hack or crack:)

It takes minutes for a couple letters, days for a few more, and many, many years for a couple words.

it's the hash of the pass on my local forum