Do you need to use mysqli_real_escape_string for encrypted values?

Question

I'm working on a project called ThePeopleHubProject, and on the registration you need to input a password.

Do I need to secure the passwords from SQL injection if they are encrypted?

I use crypt(sha1()) as a encryption method.

Thanks, Thomas.

Answer 1

You don't need to, you can either restrict your input field of password to allow/accept what combination it needs.

<input type="password" name="password">

PHP Code:

<?php

   if(isset($_POST['password'])
     $password = htmlentities($_POST['password']) // This will ensure any html characters entered to their equivalent value.
     md5 or sha1($password);

To basically sum-up my answer, encrypting is more than enough you don't need to worry about sql-injection here.