登录：区分大小写的Xcode / PHP

Question

I have a problem with Xcode and a customer-login function. 2 Textfields: One for name and one for password.

In my database (for example) the password is "Hello". But I can type "Hello" OR "hello" (not case-sensitive) to fulfill the login conditions.

What can i do to make it case-sensitive? (in Xcode or PHP?)

The .php-file:

$Nickname = $_GET["User"];
$Password = $_GET["Password"];


$query = "SELECT Count(*) FROM kunde WHERE Nickname='$Nickname' AND Password='$Password'";

$result=mysql_query($query) or die("error");
    $num = mysql_numrows($result);
    mysql_close();


    $rows = array();
    while ($r = mysql_fetch_assoc($result))
    {
        $rows[] = $r['Count(*)'];

    }
    echo json_encode($rows); 

Answer 1

You should not be storing passwords in plain text. Use a hashing function like sha1() with a salt. Your password will be case-sensitive.

$Password = sha1($Password . 'somerandomstring');

You need to use it before storing the password and before checking for it. sha1() will always generate the same string with the same input.

As for other fields in the database, you can make sure they are case sensitive by using an appropriate collation for them. Right now you are using utf8_general_ci . The 'ci' part at the end stands for case insensititive. Changing it for utf8_general_cs will solve the issue.

Answer 2

You can also query the column as binary and it will be case sensitive:

$query = "SELECT Count(*) FROM kunde WHERE Nickname='$Nickname' AND binary Password='$Password'";

Remember to escape your $Nickname and $Password to avoid [sql injection][1]. (http://en.wikipedia.org/wiki/SQL_injection)