如何检查用户名和密码区分大小写?

I made a login check script that checks if username and password match an account that is set in the database. All works fine but it isn't case sensitive which it really should be! What can I do to make this script also check for uppercase/lowercase? For example: I have an account with username: AdMin password: My43sGG. If I would enter admin and my43sgg in the login fields it would also work.

我做了一个登录检查脚本，检查用户名和密码是否与数据库中设置的帐户匹配。所有的功能都很好，但是它真的应该是大小写敏感的!我怎样做才能使这个脚本也检查大写/小写?例如:我有一个用户名:AdMin密码:My43sGG的帐户。如果我在登录字段中输入admin和my43sgg，它也可以工作。

my script:

我的脚本:

<?php

// connect to the database
include("config.php");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM " .$members. " WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:index.php");
}
else {
?>

4 个解决方案

#1

use BINARY

使用二进制

WHERE BINARY username = BINARY '$myusername' AND
      BINARY password = BINARY '$mypassword'

SQLFiddle Demo
SQLFiddle演示

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

作为旁注，如果变量的值来自外部，那么查询就会受到SQL注入的影响。请看下面的文章，学习如何预防。通过使用preparedstatement，可以避免在值周围使用单引号。

How to prevent SQL injection in PHP?
如何防止PHP中的SQL注入?

#2

Not relevant to the question, but it would be better if you AES encrypted the password with itself as the shared secret and looked up the AES encrypted string in the database....I would imagine that would also resolve the issue as well though as they would differ if encrypted with a different case

不相关的问题,但它会更好,如果你AES加密密码与自身共享密钥和数据库....抬头AES加密的字符串我想这也可以解决问题，尽管如果用不同的情况加密，它们会有所不同

#3

You can write a custom function to validate it like this

您可以编写一个自定义函数来像这样验证它

function isPartUppercase($string) {
if(preg_match("/[A-Z]/", $string)===0) {
    return true;
}
return false;
}

#4

-2

Try this one

试试这个

<?php 
session_start(); 
$errorMessage = ''; 
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { 

    $userId   = $_POST['txtUserId']; 
    $password = ($_POST['txtPassword']); 
     require_once("db_fns.php");
    db_connect();
    $sql = "SELECT *  
            FROM adminuser
            WHERE username = '$userId' AND password = '$password'"; 

    $result = mysql_query($sql) or die('Query failed. ' . mysql_error());  

    $row=mysql_fetch_array($result);
    $admin=$row['username'];
   // print $admin;
    if (mysql_num_rows($result) == 1) { 

        $_SESSION['db_is_logged_in'] = true; 

        $_SESSION['admin']=$admin;

        header('Location: main.php'); 
        exit; 
    } else { 
        $errorMessage = 'Sorry, wrong user id / password'; 
    } 

} 
?>

#1