-2

How would I echo this password,Please note that the password is dynamic and coming from a form

<?php
     $password = "<!\\\\*$troll'*\\\#!>"

     echo "<pre>";
     echo $password; 
     echo "</pre>";

     doEncryption($password);

 ?>

I need to use that passsword in a function for one of my clients.The function needs the password as a parameter.

Jany Gwan
  • 77
  • 1
  • 2
  • 9
  • 1
    You shouldn't be echoing passwords anyway; but learn the difference between [single quotes and double quotes for strings in PHP](http://www.php.net/manual/en/language.types.string.php) – Mark Baker May 12 '16 at 09:02
  • i already tried to use single quotes,there is one inside the password and it breaks.. – Jany Gwan May 12 '16 at 09:04
  • If you need to escape a single quote inside a single quoted string, then escape it..... or escape the `$` inside your double quoted string.... one or the other..... but read that docs link I posted that explains how strings work, because if you don't understand that then you'll never be a good PHP developer – Mark Baker May 12 '16 at 09:06
  • Mark Baker, take some time to understand the question, there is a single quote and $ sign in that password. – Jany Gwan May 12 '16 at 09:24
  • I have read your string.... I see the value that you're trying to set, I've told you what to do, I've pointed you to the documentation..... read what I've posted and understand what characters you need to escape and how to escape them – Mark Baker May 12 '16 at 09:31
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 12 '16 at 12:41

1 Answers1

1

Just use htmlentities:

<?php
     $password = "<!\\\\*$troll'*\\\#!>";

     echo "<pre>";
     echo htmlentities($password); 
     echo "</pre>";
Thamilhan
  • 13,040
  • 5
  • 37
  • 59
  • is troll a variable? – Thamilhan May 12 '16 at 09:01
  • that password is dynamic and coming from a client,so i need to handle it all from my code.Thanks – Jany Gwan May 12 '16 at 09:05
  • Is a troll what the OP is doing to us? – Mark Baker May 12 '16 at 09:06
  • @JanyGwan Why do you want to echo? – Thamilhan May 12 '16 at 09:09
  • Okay, the situation is like this, from an html form,the user enters a username and a password, so i dont need to know the users password,i just need to recieve it and encrypt it. One of my clients has used that password for whatever reason,and i just need to handle it. – Jany Gwan May 12 '16 at 09:10
  • you have [mysqi_real_escape_string](http://php.net/manual/en/mysqli.real-escape-string.php) – Thamilhan May 12 '16 at 09:12
  • 1
    If you're getting it from a form, why do you have it hard coded in your script? – Mark Baker May 12 '16 at 09:12
  • for simplicity sake... to get my point across quickly, @Thamilan, mysqi_real_escape_string will need stripslashes which in turn takes away too many forward slashes and the password comparison cannot be done – Jany Gwan May 12 '16 at 09:14
  • When you are taking from the form, there are ways to handle those. you can addslashes to escape quotes – Thamilhan May 12 '16 at 09:16
  • stripslashes will remove too many forward slashes and the decryption wont work.. – Jany Gwan May 12 '16 at 09:17
  • See.. the final note: when you are passing the value from the form, when there is dollar in the value, it won't be evaluated _unless or otherwise you wanted to print in the browser_. You can use proper escape sequences to escape everything before getting saved on to the DB. – Thamilhan May 12 '16 at 09:24