User Guide
Hash 513
Hash
Description
Converts a variable-length string to a 32-byte, hexadecimal string, using the MD5 algorithm. (It
is not possible to convert the hash result back to the source string.)
Returns
32-byte, hexadecimal string
Category
Conversion functions, Other functions, String functions
Function syntax
Hash(string)
Parameters
Usage
The result is useful for comparison and validation. For example, a developer can store the hash of
a password in a database without exposing the password. The developer can check the validity of
the password with the following code:
<cfif hash(form.password) is not myQuery.passwordHash>
<cflocation url = "unauthenticated.cfm">
</cfif>
Example
<!--- How to use Hash for password validation. This assumes that UserID
value is passed to this page with a URL parameter. --->
<h3>Hash Example</h3>
<cfquery name = "CheckPerson" datasource = "UserData">
SELECT PasswordHash
FROM SecureData
WHERE UserID = <cfqueryparam value = "#UserID#"
cfsqltype = "CF_SQL_CHARVAR">
</cfquery>
<cfif Hash(form.password) is not checkperson.passwordHash>
<cflocation url = "unauthenticated.cfm">
<cfelse>
...
</cfif>
Parameter Description
string A string or a variable that contains one.