$salt2I am working on a login system and am having a problem with updating my salt tables. I am NOT an expert in sql BUT I know my way around.
My query to update is:
UPDATE hashTable SET `salt1` = 'salt1here' AND `salt2` = 'salt2here' WHERE `userID` = userID
userID is an integer value so I don't need to quote that.
When I update that table salt1 is set to the value of 0. I am using php to create my sql query and that looks like:
UPDATE hashTable SET `salt1` = '$salt1' AND `$salt2` = 'salt2here' WHERE `userID` = $userID
SIDE NOTE: I know about sql injection and I do have protection against that in my code. In this case I do not need this because the salt values are being generated by the script and user id is a value returned by a function. Any place where I do have user input I strip slashes and have ways to prevent injection.
To me my sql query seems correct and I know that my values are correct because this is what a dynamically created query looks like:
UPDATE hashTable SET `salt1` = '9d6db1743e5e0cf1bb0e8cd799c0640231a10ec21e1612a6ed46e8ea16862835' AND `salt2` = '0824b2aac446ccfbd719645f84b13443cbcf59ee4e6dabace8c421ff6a8c6688' WHERE `userID` = 1374770432
I have even entered that in directly to phpMyAdmin and it says 0 rows affected but still changes my salt1 row to 0.
I am somewhat baffled because it seems like I'm doing everything correctly but obviously I am not.