Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to use the case-sensitive for MySQL password field?

Tags:

php

passwords

mysql

I have user login but user can login with case-insensitive way Means if your password is 'test' then user able to login with 'TEST' password.
I want to avoid the such type authentication on my password field.

like image 882
SKu Avatar asked Dec 12 '11 11:12

SKu

People also ask

How do I make MySQL password case sensitive?

but in case of login function we just do SELECT * FROM tbl WHERE password = aBc will be case sensitive and only consider password with aBc value.

Can you make MySQL case sensitive?

By default, it depends on the operating system and its case sensitivity. This means MySQL is case-insensitive in Windows and macOS, while it is case-sensitive in most Linux systems. However, you can change the behavior by changing collation. Last but not least: MS SQL Server.

Is MySQL field name case sensitive?

Table and database names are stored on disk using the lettercase specified in the CREATE TABLE or CREATE DATABASE statement, but MySQL converts them to lowercase on lookup. Name comparisons are not case-sensitive.

Are values in MySQL case sensitive?

Show activity on this post. By default MySQL queries are not case-sensitive. the case sensitivity of the underlying operating system plays a part in the case sensitivity of database and table names. This means database and table names are not case sensitive in Windows, and case sensitive in most varieties of Unix.

2 Answers

The easiest way is to use the binary keyword in your query use:

SELECT /*fields*/ FROM table WHERE /* where clause */ BINARY password = "userpassword"

OR

use the strcmp in your PHP code:

You can use this also if you store hashed or encrypted password which I recommend.

like image 97
Book Of Zeus Avatar answered Sep 30 '22 19:09

Book Of Zeus

I guess you are storing passwords in clear. That's not only pretty insecure, it's also unnecessary in most situations. My advice is to store passwords in two columns, e.g.:

password_salt VARCHAR(16)
password_hash VARCHAR(40)

Before storing a new password, take the password provided by the user ($clear_password), create a random string ($salt) and use both to create a hash (sha1sum($salt . $clear_password). Store both the salt and the hash and discard the clear password.

To validate a password, retrieve the stored salt for the given user, generate the hash and see if it matches with the hash in DB.

This technique is called salted passwords.

like image 39
Álvaro González Avatar answered Sep 30 '22 20:09

Álvaro González
Sign in to Comment

Related questions

Is PHP 5.3 backwards-compatible with PHP 5.2?
ForceType/htaccess file extension question - extensionless files?
Php to replace @username with link to twitter account
Shuffle 2 php arrays in the same way
PHP extension vs. library (and can it be converted)
Unlimited arguments for PHP function? [duplicate]
class name collision when using codeigniter 2.0 with Datamapper?
PHP HTTP Referrer
php variable scope
Mysqli insert_id()
PECL install failed
How can I have default values for options for a WordPress Plugin?
How to merge two arrays by taking over only values from the second array that has the same keys as the first one?
How can I install php_posix php extension in windows?
How to check for variable existence in codeigniter(php)? newb question
PHP MySQL utf 8 encoding
Doctrine 2.1 - error in DateTimeType
Codeigniter 2 restrict controller to command line
Best way to track (direct) file downloads
Returning a random value from array with probability proportional to it's value

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!