It depends on how you have configured the Oracle Server. It has both
options and can run in case-insensitive or case-sensitive mode. Ask the DBA in
your area how they have configured the servers.

HTH.
Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 11:48 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [cgiapp] checking passwords using SQL


Unless there is something set in my Oracle startup, I would like to differ :)

        1* select 'yes' from DUAL where 'A' = 'a'
      cms sql> /

      no rows selected

      cms sql> c$'A'$'a'
        1* select 'yes' from DUAL where 'a' = 'a'
      cms sql> /

      'YE
      ---
      yes

      1 row selected.

Brian
----
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025


 

[EMAIL PROTECTED]
12/18/02 07:15 PM
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [cgiapp] checking passwords using SQL

 

 





> A little bit of an optimization and security check - if all you are doing
> is comparing if the username and password match, why not let SQL do it?
>
>       my $query = "SELECT count(*) FROM user WHERE USER_ID = ? and USER_PASSWORD = ?";
>       my $sth = $dbh->prepare($query);
>       $sth->execute($user_ID, $pass_word);
>       my ($valid_login) = $sth->fetchrow_array ();    #This could also be changed....

Good call, but one caveat:

SQL is case-insensitive.
So the password and userid will be compared case-insensitively as well.
(I found out about this the hard way...)

You could fix this by declaring the columns or the comparison as binary
(at least in MySQL).

Thilo
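
Added example, not part of the original thread: the case-sensitivity caveat and the "binary" fix discussed above, reproduced with Python's sqlite3 so it runs offline. As an assumption, SQLite's NOCASE and BINARY collations stand in for a case-insensitive MySQL collation and MySQL's binary comparison; the account and the helper names are constructed.

```python
import sqlite3

# The count(*) query from the thread, and the same query with the
# password comparison forced to be binary (byte-for-byte).
QUERY = "SELECT count(*) FROM user WHERE USER_ID = ? AND USER_PASSWORD = ?"
QUERY_BINARY = ("SELECT count(*) FROM user "
                "WHERE USER_ID = ? AND USER_PASSWORD = ? COLLATE BINARY")


def make_db(password_collation):
    """Build an in-memory user table whose password column uses the given collation."""
    if password_collation not in ("NOCASE", "BINARY"):
        raise ValueError("unsupported collation")  # never interpolate free text into DDL
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user ("
        " USER_ID TEXT COLLATE NOCASE,"
        f" USER_PASSWORD TEXT COLLATE {password_collation})"
    )
    # Constructed sample account.
    conn.execute("INSERT INTO user VALUES (?, ?)", ("alice", "Secret42"))
    return conn


def valid_login(conn, query, user_id, password):
    """Run the check with bound parameters; True when exactly one row matches."""
    (count,) = conn.execute(query, (user_id, password)).fetchone()
    return count == 1


def accepted_variants(conn, query, user_id, password):
    """Return which case variants of the real password the check accepts."""
    variants = [password, password.upper(), password.lower(), password.swapcase()]
    return [v for v in variants if valid_login(conn, query, user_id, v)]


if __name__ == "__main__":
    insensitive = make_db("NOCASE")   # column compares case-insensitively
    binary_col = make_db("BINARY")    # column declared binary
    for label, conn, query in (
        ("thread query, case-insensitive column", insensitive, QUERY),
        ("comparison declared binary", insensitive, QUERY_BINARY),
        ("column declared binary", binary_col, QUERY),
    ):
        print(f"{label}: {accepted_variants(conn, query, 'alice', 'Secret42')}")
```

The case-insensitive column accepts every case variant of the password, while either binary form accepts only the exact one; USER_ID is still matched case-insensitively in all three runs.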







---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/cgiapp@lists.erlbaum.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
