Reputation: 2403
Check if password values are identical
I need to check that the values are identical. If $_POST['password'] = PASS instead of pass it would return 0 rows.
This script should echo either 1 or 0. It works fine as it is, but I want to make it more secure.
$_POST['username'] = 'admin';
$_POST['password'] = 'pass';
mysql_connect('localhost', '', '');
mysql_select_db('database');
echo $num = mysql_num_rows(mysql_query("SELECT username,password FROM users WHERE username = '". mysql_real_escape_string($_POST['username']) . "' AND password = '". mysql_real_escape_string($_POST['password']) . "'"));
Upvotes: 0
Views: 304
Answers (2)
Reputation: 24506
If you want to make it more secure, you shouldn't really be storing the password in plain text in the database at all. Storing a hash (e.g. MD5 or SHA1) of the password, preferably with a salt added, and then comparing that to a hash of the entered password each time is a better approach.
For your query, it sounds like you want to make it case sensitive though. To do that, you need to change the collation on the password column to be a case-sensitive collation. Those are the collations that end in _cs , like latin1_general_cs .
Upvotes: 7
Reputation: 31146
MySQL does case insentivive comparision, which is why PASS == pass. You can circumvent that by setting the column type to BINARY. Apart from that, never store the password plaintext in database but has it with sha or md5.
Upvotes: 1
Related Questions
- Registration Form Checking The Two Password Are Matching
- PHP & MySQL compare password
- Comparing two Passwords in Registration form
- PHP / MySQL: How to compare selected value with input received via $_POST
- Verify User Password Matches Password in Database
- MySQL and PHP - Password Compare
- Using PHP to compare MySql Password()
- Comparing two passwords PHP
- MySQL password comparison from PHP
- Comparing passwords in php and sending it to a database