Cyber_Entity

Either would be beneficial, you'll probably find more job listings for .net though.

Thanks for the quick response. What you said does make since. I would pick up the other either way, just trying to figure out where to start so I can start my career.

I am familiar with PHP and C#. I am very familiar with web development. I just graduated collage with my associates in software development. All the places I have applied to either say I need more experience (My portfolio has 5 different projects on it) or they want you to have a PHP framework or ASP.NET background. So I am just unsure as to which would be more beneficial. Picking up a PHP framework like Laravel or ASP.NET.

Thanks.

Yeah, but so what? Do you think that storing it as binary data would grant some sort of protection?

Doesn't it. When storing it as binary the database shows it as a blob compared to char showing the whole hash. I mean I am still learning, but that is just what I read.

I've always stored hashes as a character type instead of binary. Also, instead of 3 queries to get individual fields from the same record, how about 1 query to get all the fields you need at once?

Wouldn't that leave my hash fully view able.

I am unsure if I should post this here or PHP. Sorry if in wrong place.

Alright I made a create profile forum. I can create a profile and save all the user information I want. I hashed the passwords with$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));$salted_password = $user_password_password .$salt;$hashed_password = hash('sha256', $salted_password);I then insert in into the database storing the $hashed_password and $salt. The problem is, when I try to log in I either all ways get invalid password or I all ways get valid password.if(isset($_POST['login'])){$login_errors = "";$login_messages = "";$user_username = mysqli_real_escape_string($connect, $_POST['user_username']);$user_password = mysqli_real_escape_string($connect, $_POST['user_password']);if(empty($user_username) || empty($user_password)){$login_errors .= "Error:n Username and password are required to login.n";}if($result = mysqli_query($connect, "SELECT User_Username FROM Profiles WHERE User_Username = '$user_username'")){if(mysqli_num_rows($result) == 0){$login_errors .= "Error:n Username/Password is invalid.n";}mysqli_free_result($result);}if($result = mysqli_query($connect, "SELECT User_Salt FROM Profiles WHERE User_Username = '$user_username'")){if(mysqli_num_rows($result) == 0){$login_errors .= "Error:n Salt is invalid.n";}else{$salt = implode(mysqli_fetch_row($result)); $salted_password = $user_password .$salt; $hashed_password = hash('sha256', $salted_password);}mysqli_free_result($result);}if($result = mysqli_query($connect, "SELECT User_Password FROM Profiles WHERE User_Username = '$user_username'")){if(mysqli_num_rows($result) == 0){$login_errors .= "Error:n Username/Password is invalid.n";}else{$password = implode(mysqli_fetch_row($result));if($password == $hashed_password){$login_messages .= " Password is valid.n";}}mysqli_free_result($result);}}I have printed the $salt and $hashed_password from the database and the newly generated one. They are an exact match. I tried many different combinations."SELECT * FROM Profiles WHERE User_Username = '$user_username' AND User_Password = '$hashed_password" is the code this is supposed to work.My $salt is stored as VARCHAR(64) and $hashed_password is stored as BINARY(64).