
I am using ajax to get some info from my database. I use a page that will return the JSON row of information:

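```php
// Fetch the first row of $table where $field equals $field_equals.
$get = DB::getInstance()->get($table, array($field, '=', $field_equals))->first();

// Send the whole row to the client as JSON.
echo json_encode($get);
```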

Information is echo'd like this:

```json
{"id":"118","contact_id":"7","appt_status_id":"1","reason_id":"1","start":"1994-03-31 00:00:00","end":"0000-00-00 00:00:00","allDay":"0","pre_notes":"","post_notes":null}
```

I am now having an issue. I am trying to pull the record/row information from a table called 'users'. That table has a password field and a special field that is called 'salt'. I learned to use the salt for better password hashing. It is created at registration and is used to verify the username/password.

Either way here's a sample salt that can be found in a field:
’¯z„„{VÀZTÑÂÚÒJQeˆ.Ûù1¨˜3• ï_

I find that because of the special characters (I think?) no information will be echo'd from my ajax page! The ajax page just returns no results, when I know I should be getting a record's row information. If I clear out the salts then the record information is echo'd as JSON. So the salt field is the culprit.

Any thoughts?

Jeff Puckett
chris.cavage
  • Possible duplicate of [UTF-8 all the way through](http://stackoverflow.com/questions/279170/utf-8-all-the-way-through) – Gerald Schneider May 16 '16 at 16:28
  • I'll have to read your suggestion. I didn't mean to duplicate anything. I'm not the same person as whoever asked the other question. Let me see if I can figure this out then..... Thanks. – chris.cavage May 16 '16 at 16:34
  • Try using htmlentities($salt); – Garvit Mangal May 16 '16 at 16:36
  • What would salt and password have to do with returning json? Surely you're not sending that to the client. – Kevin B May 16 '16 at 19:01
  • It is very bad practice to store passwords directly in a database or other storage. Store the result of a hashing function like md5(md5(password) . salt) or something like this. You shouldn't compare password values on login. Compare the result of your function with the value recorded at registration for the respective user – Max Zuber May 16 '16 at 21:00
  • Also, the salt is a kind of secret hardcoded constant, which is part of the password hashing function. It shouldn't be spoiled either. – Max Zuber May 16 '16 at 21:03
  • Thanks for the help. I am not storing my passwords directly in my database. I wasn't thinking, though. I shouldn't be returning all of this information client side. That was silly of me. I actually use an Ajax query now that only returns the username. – chris.cavage May 18 '16 at 02:53

0 Answers
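
An added example, not part of the original question or its comments: it reproduces the empty Ajax response (`json_encode()` returns `false` on bytes that are not valid UTF-8, and `echo false` prints nothing) and then returns only allow-listed columns, so the password hash and salt never leave the server. The row contents, the column names `id` and `username`, the `PUBLIC_USER_FIELDS` constant and the `publicJson()` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the only columns the client is ever sent.
const PUBLIC_USER_FIELDS = ['id', 'username'];

// Hypothetical helper: drop every column not on the allow-list, then encode.
function publicJson(array $row, array $allowed): string
{
    $safe = array_intersect_key($row, array_flip($allowed));
    // JSON_THROW_ON_ERROR (PHP 7.3+) raises JsonException instead of
    // silently returning false.
    return json_encode($safe, JSON_THROW_ON_ERROR);
}

// Constructed sample row standing in for one record of the 'users' table.
$row = [
    'id'       => '7',
    'username' => 'alice',
    'password' => '<stored hash, constructed placeholder>',
    'salt'     => "\x92\xAF\xFF\x84\x84{V\xC0ZT", // constructed raw bytes, not valid UTF-8
];

// The failure from the question: encoding the unfiltered row returns false,
// so the original "echo json_encode($get);" sends an empty body.
if (json_encode($row) === false) {
    error_log('Unfiltered row not encodable: ' . json_last_error_msg());
}

header('Content-Type: application/json; charset=utf-8');
try {
    // Only id and username are serialized; the secrets stay server-side.
    echo publicJson($row, PUBLIC_USER_FIELDS);
} catch (JsonException $e) {
    // Log the detail on the server and return a generic error to the client.
    http_response_code(500);
    error_log('JSON encoding failed: ' . $e->getMessage());
    echo '{"error":"internal error"}';
}
```

Filtering by allow-list rather than unsetting `password` and `salt` means a column added to the table later is not exposed by default.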