I have a user login, but users can log in in a case-insensitive way. That means if your password is 'test', the user is able to log in with the password 'TEST'.
I want to avoid this type of authentication on my password field.
But in the case of the login function we just do SELECT * FROM tbl WHERE password = aBc, which will be case sensitive and only consider a password with the value aBc.
By default, it depends on the operating system and its case sensitivity. This means MySQL is case-insensitive in Windows and macOS, while it is case-sensitive in most Linux systems. However, you can change the behavior by changing collation.
Table and database names are stored on disk using the lettercase specified in the CREATE TABLE or CREATE DATABASE statement, but MySQL converts them to lowercase on lookup. Name comparisons are not case-sensitive.
By default MySQL queries are not case-sensitive. The case sensitivity of the underlying operating system plays a part in the case sensitivity of database and table names. This means database and table names are not case sensitive in Windows, and case sensitive in most varieties of Unix.
The easiest way is to use the BINARY keyword in your query:
SELECT /*fields*/ FROM table WHERE /* where clause */ BINARY password = "userpassword"
OR
use strcmp in your PHP code:
You can also use this if you store hashed or encrypted passwords, which I recommend.
I guess you are storing passwords in clear. That's not only pretty insecure, it's also unnecessary in most situations. My advice is to store passwords in two columns, e.g.:
password_salt VARCHAR(16)
password_hash VARCHAR(40)
Before storing a new password, take the password provided by the user ($clear_password), create a random string ($salt) and use both to create a hash (sha1sum($salt . $clear_password)). Store both the salt and the hash and discard the clear password.
To validate a password, retrieve the stored salt for the given user, generate the hash and see if it matches the hash in the DB.
This technique is called salted passwords.
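The store-and-verify procedure described above, as an added example that is not part of the original post. It swaps the sha1 salt-and-hash step for PHP's built-in password_hash()/password_verify(), which generate the salt and keep it inside the hash string, and it uses a constructed in-memory array in place of the MySQL table; the names register_user, verify_login and $users are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the users table: username => ['password_hash' => string].
// In MySQL a VARCHAR(255) column leaves room for the algorithm to change later.
$users = [];

function register_user(array &$users, string $username, string $clearPassword): void
{
    // password_hash() creates a random per-user salt and embeds it, with the
    // algorithm and cost, in the returned string. The clear password is never stored.
    $users[$username] = [
        'password_hash' => password_hash($clearPassword, PASSWORD_DEFAULT),
    ];
}

function verify_login(array &$users, string $username, string $clearPassword): bool
{
    // Unknown users are checked against a dummy hash so both paths do the same work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $known  = isset($users[$username]);
    $stored = $known ? $users[$username]['password_hash'] : $dummy;

    // The comparison is over the hash of the exact bytes typed, so 'test' and
    // 'TEST' produce different results whatever collation the column uses.
    $ok = password_verify($clearPassword, $stored) && $known;

    // Upgrade the stored hash when PHP's default algorithm or cost has changed.
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username]['password_hash'] = password_hash($clearPassword, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed sample data for the demonstration.
register_user($users, 'alice', 'test');

var_dump(verify_login($users, 'alice', 'test'));  // exact password
var_dump(verify_login($users, 'alice', 'TEST'));  // same letters, different case
var_dump(verify_login($users, 'bob', 'test'));    // user that was never registered
```

With a real table, the query selects the row by username only and the password check happens in PHP, so the password never appears in a WHERE clause.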