jakebur01 Posted March 12, 2009 Share Posted March 12, 2009 Would it be smart to use strtolower() when inserting a username into a database and also use it when comparing? if (isset($_POST['userid']) && isset($_POST['password'])) { // if the user has just tried to log in $userid = strtolower($_POST['userid']); $password = $_POST['password']; require("newlife_data.inc"); if (mysqli_connect_errno()) { echo 'Connection to database failed:'.mysqli_connect_error(); exit(); } $query = 'select * from life_useraccount ' ."where Username='$userid' " ." and Password=sha1('$password') " ." and Active='Y'"; $result = $db_conn->query($query); if ($result->num_rows >0 ) { } Quote Link to comment Share on other sites More sharing options...
jackpf Posted March 12, 2009 Share Posted March 12, 2009 Well, not if your username column is case insensitive. Then people would with the same username but in a different case would all be logged in as whoever turns up first in the table. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.