Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

sql strictly equals, is there something? [duplicate]

Tags:

sql

sql-server

Possible Duplicate:
SQL server ignore case in a where expression

basically I need to check something like this

select * from users where name = @name, pass = @pass

the problem is that 'pass' = 'pAsS'

is there something more strict for string comparison in sql (ms sql-server)

like image 303
Omu Avatar asked Jun 14 '10 07:06

Omu


People also ask

Does except remove duplicates SQL?

EXCEPT (alternatively, EXCEPT DISTINCT ) takes only distinct rows while EXCEPT ALL does not remove duplicates from the result rows. Note that MINUS is an alias for EXCEPT .

How do I show only unique values in SQL?

The SELECT DISTINCT statement is used to return only distinct (different) values. Inside a table, a column often contains many duplicate values; and sometimes you only want to list the different (distinct) values.

How do I check if two columns have the same value in SQL?

In SQL, problems require us to compare two columns for equality to achieve certain desired results. This can be achieved through the use of the =(equal to) operator between 2 columns names to be compared.


3 Answers

It's down to your collation, which it would seem is case insensitive. For example, the standard collation is Latin1_General_CI_AS, where the CI means case insensitive. You can force a different collaction for a different comparison:

select  *
from    users
where   name = @name
and     pass COLLATE Latin1_General_CS_AS = @pass COLLATE Latin1_General_CS_AS

Incidentally, you shouldn't be storing passwords in your database - you should be salting and hashing them.

like image 128
David M Avatar answered Sep 20 '22 16:09

David M


As several others have already posted you can use collations in your query or change the collation of your "pass" column to be case sensitive. You may also change your query to use the VARBINARY type instead of changing collation:

SELECT * FROM users 
WHERE name = @name
AND pass = @pass
AND CAST(pass AS VARBINARY(50)) = CAST(@pass AS VARBINARY(50))

Note that I left in the pass = @pass clause. Leaving this line in the query allows SQL Server to use any index on the pass column.

like image 42
Jakob Christensen Avatar answered Sep 17 '22 16:09

Jakob Christensen


You need to use a case sensitive collation for the comparison:

SELECT * FROM users 
WHERE name = @name, pass = @pass
COLLATE  SQL_Latin1_General_Cp1_CS_AS

See this article for more details.

like image 45
Oded Avatar answered Sep 21 '22 16:09

Oded