问题
I was wondering in case of normal select operation the search is case insenesitive.
So SELECT * FROM tbl WHERE name = aBc will also consider name with values ABC,abc,abC etc
but in case of login function we just do
SELECT * FROM tbl WHERE password = aBc
will be case sensitive and only consider password with aBc value.
How does this happens?I didnt found anything about this in my searches.
Please care to explain.
Thanx All.
回答1:
I think it depends on collation of columns, default database collation in MySQL utf8_general_ci where ci at the end stands for case insensitive.
case sensitive passwords will work only if you are storing passwords in encrypted format using MD5 or PASSWORD function.
show variables like '%collation%';
+---------------------------+-------------------+
| Variable_name | Value |
+---------------------------+-------------------+
| collation_connection | latin1_swedish_ci |
| collation_database | utf8_general_ci |
| collation_server | latin1_swedish_ci |
+---------------------------+-------------------+
回答2:
$sql="SELECT * FROM user where username='$username' AND BINARY password='$password'";
回答3:
for case-sensitive use (BINARY)
SELECT * FROM tbl WHERE BINARY password = aBc
回答4:
I'm not sure what the answer to your exact question is, however if you're storing passwords in a database as text, then that is a VERY bad idea. What you should do instead is hash the password upon registration and store it in your database in that form. Then each time a user attempts to login, you rehash the submitted password and compare it to the hash stored in the row with the matching username. Since the hash IS case-sensitive, this solves your problem while adding a much needed level of security.
回答5:
In many implementations passwords or their hashes are compared in the application server so the problem does not arise.
来源:https://stackoverflow.com/questions/11716420/if-mysql-is-case-insensitive-how-does-it-works-for-the-password-field-in-login