dealing with username

[jakebur01]

Would it be smart to use strtolower() when inserting a username into a database and also use it when comparing?

 

if (isset($_POST['userid']) && isset($_POST['password']))
{
  // if the user has just tried to log in
  $userid = strtolower($_POST['userid']);
  $password = $_POST['password'];


require("newlife_data.inc");
  if (mysqli_connect_errno()) {
   echo 'Connection to database failed:'.mysqli_connect_error(); 
   exit();
  }

  $query = 'select * from life_useraccount '
           ."where Username='$userid' "
           ." and Password=sha1('$password') "
  ." and Active='Y'";
  $result = $db_conn->query($query);
  
  
  if ($result->num_rows >0 )
  {

}

 

 

 

 

[jackpf]

Well, not if your username column is case insensitive.

 

Then people would with the same username but in a different case would all be logged in as whoever turns up first in the table.