0
在线手册:中文 英文

md5

(PHP 4, PHP 5, PHP 7)

md5计算字符串的 MD5 散列值

Warning

由于此函数依赖的算法已不足够复杂,不推荐使用此函数对明文密码加密。详细内容参见 这里

说明

md5 ( string $str [, bool $raw_output = FALSE ] ) : string

使用 » RSA 数据安全公司的 MD5 报文算法计算 str 的 MD5 散列值。

参数

str

原始字符串。

raw_output

如果可选的 raw_output 被设置为 TRUE,那么 MD5 报文摘要将以16字节长度的原始二进制格式返回。

返回值

以 32 字符十六进制数字形式返回散列值。

范例

Example #1 md5() 范例

<?php
$str 
'apple';

if (
md5($str) === '1f3870be274f6c49b3e31a0c6728957f') {
    echo 
"Would you like a green or red apple?";
}
?>

参见

0
在线手册:中文 英文

8位用户评论

[#1] ▲-4▼ steve m [25%] (2020-01-10 02:20:03)

I've found multiple sites suggesting the code: md5(file_get_contents($filename)); Until recently, I hadn't noticed any issues with this locally... but then I tried to hash a 700MB file, with a 2048MB memory limit and kept getting out of memory errors... There appears to be a limit to how long a string the md5() function can handle, and the alternative function is likely more memory efficient anyway. I would highly recommend to all who need file hashing (for detecting duplicates, not security digests) use the md5_file() function and NOT the regular string md5() function! md5_file($filename); Note, to those interested, as this was for a local application not a server, I was more concerned with results than memory efficiency. In a live environment, you would never want to read an entire file into memory at once when avoidable. (at the time of coding, I did not know of the alternative function)

[#2] ▲9▼ ray.paseur sometimes uses gmail [65%] (2018-12-01 17:10:26)

md5('240610708') == md5('QNKCDZO') This comparison is true because both md5() hashes start '0e' so PHP type juggling understands these strings to be scientific notation. By definition, zero raised to any power is zero.

[#3] ▲-9▼ hkmaly [32%] (2017-11-27 10:11:40)

Note: Before you get some idea like using md5 with password as way to prevent others tampering with message, read pages "Length extension attack" and "Hash-based message authentication code" on wikipedia. In short, naive constructions can be dangerously insecure. Use hash_hmac if available or reimplement HMAC properly without shortcuts.

[#4] ▲1▼ radon8472@radon-software.net [50%] (2016-04-18 14:10:17)

<?php
    
function raw2hex($rawBinaryChars)
    {
      return = 
array_pop(unpack('H*'$rawBinaryChars));
    }
?>
The complement of hey2raw. You can use to convert from raw md5-format to human-readable format. This can be usefull to check "Content-Md5" HTTP-Header. <?php
  $rawMd5    
base64_decode($_SERVER['HTTP_CONTENT_MD5']);
  
$post_data file_get_contents("php://input");

  if(
raw2hex($rawMd5) == md5($post_data)) // Post-Data is okay
  
else                                    // Post-Data is currupted
?>

[#5] ▲15▼ john [64%] (2009-11-17 15:08:16)

If you want to hash a large amount of data you can use the hash_init/hash_update/hash_final functions. This allows you to hash chunks/parts/incremental or whatever you like to call it.

[#6] ▲-41▼ dionyziz@deviantart.com [39%] (2007-08-11 12:24:00)

Sometimes it's useful to get the actual, binary, md5 digest. You can use this function for it: <?php

function md5bin$target ) {
    
$md5 md5$target );
    
$ret '';

    for ( 
$i 0$i 32$i += ) {
        
$ret .= chrhexdec$md5$i } ) + hexdec$md5$i } ) * 16 );
    }

    return 
$ret;
}

?>

[#7] ▲-19▼ terry _at_ scribendi_com [41%] (2005-04-28 19:39:56)

Do not use the hex strings returned by md5() as a key for MCrypt 256-bit encryption. Hex characters only represent four bits each, so when you take 32 hex characters, you are only really using a 128-bit key, not a 256-bit one. Using an alphanumeric key generator [A-Za-z0-9] will also only provide a 192-bit key in 32 characters. Two different MD5s concatenated in raw binary form, or mcrypt_create_iv(32,MCRYPT_DEV_RANDOM) will give you a true 256-bit key string.

[#8] ▲-8▼ shane allen [48%] (2003-04-14 20:53:14)

From the documentation on Digest::MD5: md5($data,...) This function will concatenate all arguments, calculate the MD5 digest of this "message", and return it in binary form. md5_hex($data,...) Same as md5(), but will return the digest in hexadecimal form. PHP's function returns the digest in hexadecimal form, so my guess is that you're using md5() instead of md5_hex(). I have verified that md5_hex() generates the same string as PHP's md5() function. (original comment snipped in various places) >Hexidecimal hashes generated with Perl's Digest::MD5 module WILL >NOT equal hashes generated with php's md5() function if the input >text contains any non-alphanumeric characters. > >$phphash = md5('pa$$'); >echo "php original hash from text: $phphash"; >echo "md5 hash from perl: " . $myrow['password']; > >outputs: > >php original hash from text: 0aed5d740d7fab4201e885019a36eace >hash from perl: c18c9c57cb3658a50de06491a70b75cd