我创建了一个登录检查脚本,用于检查用户名和密码是否与数据库中设置的帐户匹配。一切正常但它不是区分大小写它应该是!我该怎么做才能使这个脚本也检查大写/小写?例如:我有一个用户名帐户:AdMin密码:My43sGG。如果我在登录字段中输入admin和my43sgg,它也可以工作。
我的剧本:
<?php
// connect to the database
include("config.php");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM " .$members. " WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:index.php");
}
else {
?>
答案 0 :(得分:4)
使用BINARY
WHERE BINARY username = BINARY '$myusername' AND
BINARY password = BINARY '$mypassword'
作为旁注,如果变量的值( s )来自外部,则查询易受SQL Injection
攻击。请查看下面的文章,了解如何防止它。通过使用PreparedStatements
,您可以摆脱在值周围使用单引号。
答案 1 :(得分:3)
与问题无关,但如果你将自己的密码加密为共享密码并在数据库中查找AES加密字符串,那会更好....我想这也可以解决问题虽然如果用不同的案例加密它们会有所不同
答案 2 :(得分:0)
您可以编写自定义函数来像这样验证它
function isPartUppercase($string) {
if(preg_match("/[A-Z]/", $string)===0) {
return true;
}
return false;
}
答案 3 :(得分:-2)
试试这个
<?php
session_start();
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
$userId = $_POST['txtUserId'];
$password = ($_POST['txtPassword']);
require_once("db_fns.php");
db_connect();
$sql = "SELECT *
FROM adminuser
WHERE username = '$userId' AND password = '$password'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$row=mysql_fetch_array($result);
$admin=$row['username'];
// print $admin;
if (mysql_num_rows($result) == 1) {
$_SESSION['db_is_logged_in'] = true;
$_SESSION['admin']=$admin;
header('Location: main.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}
}
?>