I created a user to use my database
CREATE USER 'my_user'@'localhost' IDENTIFIED BY 'my_pass';
GRANT ALL PRIVILEGES ON * . * TO 'my_user'@'localhost';
FLUSH PRIVILEGES;
The pass was stored in encrypted mode on the mysql.user table.
But when i use the mysqli_connect() method, I find that when I give the pass as parameter, I must give the non-encrypted, original value that I used on the query if I don′t want to get the famous "Connect failed: Access denied for user 'my_user'@'localhost' (using password: YES)".
But that is actually a different string value that the one stored on the database (encrypted version).
How is it? Would not be more secure to give as parameter the encrypted version in case someone access the .PHP file where I establish the connection? Why mysqli_connection doesn′t accept it? Is there a way to do it?
See Question&Answers more detail:os