regdude Posted November 6, 2008 Share Posted November 6, 2008 Hi! I have made a login script. It uses DB to get username and password. But there is a problem with capital letters. If I use, lets say, 'Username123' then I can get in the site behind login because this is in the DB, but if I use 'username123' I can also get in to the site. (The script works for checking if password or username is correct). $password = $_POST['password']; $username = addslashes($_POST['username']); $password = md5($password); $result = mysql_db_query($db, "SELECT * FROM users WHERE username='$username' AND password='$password'"); if (mysql_num_rows($result) == 1) { //... redirect. } Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/ Share on other sites More sharing options...
DeanWhitehouse Posted November 6, 2008 Share Posted November 6, 2008 How are you inserting it, as it may be a problem there? Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-683987 Share on other sites More sharing options...
regdude Posted November 6, 2008 Author Share Posted November 6, 2008 Inserting? <form action='logingo' method='post' /> <center> <table> <tr> <td>Username: </td> <td><input type='text' name='username' size='15' maxlength='20' /></td> </tr> <tr> <td>Password:</td> <td><input type='password' name='password' size='17' maxlength='30' /></td> </tr> <tr> <td></td> <td><input type='submit' value='Login' /></td> </tr> </table> Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-683989 Share on other sites More sharing options...
DeanWhitehouse Posted November 6, 2008 Share Posted November 6, 2008 sorry, registration. Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-683991 Share on other sites More sharing options...
revraz Posted November 6, 2008 Share Posted November 6, 2008 http://dev.mysql.com/doc/refman/5.0/en/case-sensitivity.html Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-683992 Share on other sites More sharing options...
Maq Posted November 6, 2008 Share Posted November 6, 2008 No, we need the SQL statement, where you actually put it into the database... Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-683994 Share on other sites More sharing options...
regdude Posted November 6, 2008 Author Share Posted November 6, 2008 I add all the values in the DB manually. Like I said there is 'Username123' etc. I need to tell the login script to check if the username is the same even with case-sensitive, because now it doesn't check that. Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-683996 Share on other sites More sharing options...
Maq Posted November 6, 2008 Share Posted November 6, 2008 When you insert and compare the user names you should always use the strtolower or upper to ensure you don't run into this problem. Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-684002 Share on other sites More sharing options...
bobbinsbro Posted November 6, 2008 Share Posted November 6, 2008 revraz is right. mysql strings are case insensitive by default. you have to force case sensitivity wherever you want to use it. revraz provided the link. Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-684004 Share on other sites More sharing options...
Barand Posted November 6, 2008 Share Posted November 6, 2008 try SELECT * FROM users WHERE BINARY username='$username' AND password='$password' Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-684006 Share on other sites More sharing options...
revraz Posted November 6, 2008 Share Posted November 6, 2008 Wasn't really the solution he was looking for. The problem is it isn't comparing case and he wants it to. When you insert and compare the user names you should always use the strtolower or upper to ensure you don't run into this problem. Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-684010 Share on other sites More sharing options...
regdude Posted November 6, 2008 Author Share Posted November 6, 2008 Thanks! I simply changed the collation in tables. Because... non-binary string comparisons are case insensitive by default Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-684013 Share on other sites More sharing options...
DeanWhitehouse Posted November 6, 2008 Share Posted November 6, 2008 Edit: Solved already. Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-684014 Share on other sites More sharing options...
revraz Posted November 6, 2008 Share Posted November 6, 2008 That's fine and Barand's solution should also work if you didn't want to change the table. Link to comment https://forums.phpfreaks.com/topic/131689-solved-case-sensitive/#findComment-684015 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.