Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

sql strictly equals, is there something? [duplicate]

Tags:

sql

sql-server

Possible Duplicate:
SQL server ignore case in a where expression

basically I need to check something like this

select * from users where name = @name, pass = @pass

the problem is that 'pass' = 'pAsS'

is there something more strict for string comparison in sql (ms sql-server)

like image 303
Omu Avatar asked Jun 14 '10 07:06

Omu

People also ask

Does except remove duplicates SQL?

EXCEPT (alternatively, EXCEPT DISTINCT ) takes only distinct rows while EXCEPT ALL does not remove duplicates from the result rows. Note that MINUS is an alias for EXCEPT .

How do I show only unique values in SQL?

The SELECT DISTINCT statement is used to return only distinct (different) values. Inside a table, a column often contains many duplicate values; and sometimes you only want to list the different (distinct) values.

How do I check if two columns have the same value in SQL?

In SQL, problems require us to compare two columns for equality to achieve certain desired results. This can be achieved through the use of the =(equal to) operator between 2 columns names to be compared.

3 Answers

It's down to your collation, which it would seem is case insensitive. For example, the standard collation is Latin1_General_CI_AS, where the CI means case insensitive. You can force a different collaction for a different comparison:

select  *
from    users
where   name = @name
and     pass COLLATE Latin1_General_CS_AS = @pass COLLATE Latin1_General_CS_AS

Incidentally, you shouldn't be storing passwords in your database - you should be salting and hashing them.

like image 128
David M Avatar answered Sep 20 '22 16:09

David M

As several others have already posted you can use collations in your query or change the collation of your "pass" column to be case sensitive. You may also change your query to use the VARBINARY type instead of changing collation:

SELECT * FROM users 
WHERE name = @name
AND pass = @pass
AND CAST(pass AS VARBINARY(50)) = CAST(@pass AS VARBINARY(50))

Note that I left in the pass = @pass clause. Leaving this line in the query allows SQL Server to use any index on the pass column.

like image 42
Jakob Christensen Avatar answered Sep 17 '22 16:09

Jakob Christensen

You need to use a case sensitive collation for the comparison:

SELECT * FROM users 
WHERE name = @name, pass = @pass
COLLATE  SQL_Latin1_General_Cp1_CS_AS

See this article for more details.

like image 45
Oded Avatar answered Sep 21 '22 16:09

Oded
Sign in to Comment

Related questions

dba_jobs_running: table or view does not exist when trying to access from procedure
Database table with just 1 or 2 optional fields... split into multiple tables?
How to check whether the job is disabled or Not in sqlserver management studio 2005?
For a char/varchar/text column, why will an index for that column make it faster to search?
Determine the size of a SQL result set in KB
Finding MySQL errors from LOAD DATA INFILE
Tricky SQL query
Duplicate a record in MySQL
Wipe data from Oracle DB
How can I join two tables with different number of rows in MySQL?
How to select a row based on a max count? (using standard sql)
Is it really worth it to normalize the "Toxi" way? ( 3NF )
Designing a SQL table with hierarchy/sub-categories
Value before variable
select * from table where datetime in month (without breaking index)
Zend Framework: How to combine three tables in one query using Joins?
How to control order of assignment for new identity column in SQL Server?
Average of Average in one row
Query performance difference pl/sql forall insert and plain SQL insert
jpa join query on a subclass

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!