
What's wrong with these passwords?

When I try to put a new user's password into a MySQL database, it doesn't encrypt it correctly. Here's the code I'm using:

    $encPassword = hash('sha256', $_POST['password']);
    $query = sprintf("INSERT INTO users(`userName`,`email`,`password`)
        VALUES('%s','%s',PASSWORD('%s'))",
        mysql_real_escape_string($_POST['userName']),
        mysql_real_escape_string($_POST['email']),
        mysql_real_escape_string($encPassword));
    // Report the MySQL error if the query itself fails
    $sql = mysql_query($query) or die(mysql_error());

When I check the database though, it doesn't store the password as sha256 encrypted. It only has 16 random characters (it should have ~50). What's wrong with it?


Check that you have the correct column length allowed in your table. That's the most common problem. Your field must be at least VARCHAR(64).


I don't think you should use the PASSWORD keyword: http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_password

The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.

But, you've already hashed the password on the 1st line of code. Just insert that directly into the database...


Have you checked the value of $encPassword before the INSERT?


It's because you are using the PASSWORD('%s') function in your query (so you are double hashing your password).

Just insert it as other values ('%s')
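
The fix the answers describe (hash once in PHP, insert the result as a plain value, size the column to fit), as an added example that is not part of the original thread. It goes beyond the thread by using `password_hash()` and PDO prepared statements in place of unsalted SHA-256 and the `mysql_*` functions; the in-memory SQLite database standing in for MySQL, the sample user, and the function names `registerUser` and `checkLogin` are assumptions.

```php
<?php
// Added example: hash once in PHP, bind values as parameters, no SQL PASSWORD().
// Assumption: an in-memory SQLite database stands in for MySQL so this runs offline;
// with MySQL only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// password_hash() output is 60 characters for bcrypt today; the PHP manual
// recommends a 255-character column so future algorithms still fit.
$pdo->exec('CREATE TABLE users (
    userName VARCHAR(64) PRIMARY KEY,
    email    VARCHAR(255) NOT NULL,
    password VARCHAR(255) NOT NULL
)');

function registerUser(PDO $pdo, string $userName, string $email, string $password): void
{
    // Salted, slow hash computed once in PHP; the database stores it verbatim.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare(
        'INSERT INTO users (userName, email, password) VALUES (:userName, :email, :password)'
    );
    $stmt->execute([':userName' => $userName, ':email' => $email, ':password' => $hash]);
}

function checkLogin(PDO $pdo, string $userName, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE userName = :userName');
    $stmt->execute([':userName' => $userName]);
    $stored = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches.
    return $stored !== false && password_verify($password, $stored);
}

// Constructed sample input in place of $_POST.
$post = ['userName' => 'alice', 'email' => 'alice@example.com', 'password' => 'correct horse'];
registerUser($pdo, $post['userName'], $post['email'], $post['password']);

$stored = $pdo->query("SELECT password FROM users WHERE userName = 'alice'")->fetchColumn();
printf("stored length: %d\n", strlen($stored));
printf("sha256 hex length for comparison: %d\n", strlen(hash('sha256', $post['password'])));
var_dump(checkLogin($pdo, 'alice', 'correct horse'));
var_dump(checkLogin($pdo, 'alice', 'wrong guess'));
var_dump(checkLogin($pdo, 'nobody', 'correct horse'));
```

Because the hash is bound as a parameter, the database never transforms it, so the stored length always matches what PHP produced and a too-short column is the only way it can be truncated.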
