SQL Query is not checking case sensitively

Question

I am attempting to create a system to validate a user's username and password. I am currently have issues with checking the user name... If someone's username is say, Burrito, when I pass the query to see if it is in the database, it will not check if the case of the letters is correct. Example: Username is Michael They can enter michael or MiChAeL and it will still think it is the same username.

here is what I am using to check the username:

$isValid = mysql_query("SELECT username FROM " . getSQL_Info(3) . " WHERE username = '" . $user . "'");

Thank you for your time and help. Also, if you see any problems with my code, if something could be better or what not, please tell me :)

Answer 1

Use Collate to compare case sensitive strings. Here is a link to the MySQL manual

Answer 2

You need to check your MySQL encoding type. If it is utf8_general_ci or latin1_swedish_ci (or anything ending in _ci) it is case insensitive.

You could work around this by changing you table encoding or using:

SELECT username FROM table WHERE BINARY username = :username

I would recommend the forma.

Related: How can I make SQL case sensitive string comparison on MySQL?

Also, if you see any problems with my code, if something could be better or what not, please tell me :)

• You are using the deprecated mysql_* functions
  • http://php.net/manual/en/book.pdo.php
  • http://php.net/manual/en/book.mysqli.php
• I can't see any escaping in your code

Answer 3

• you are using deprecated mysql functions
• be aware of security

• the solution of your problem is

  SELECT * FROM foo WHERE (BINARY username="someNaMe")