Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

MySQL wierdness

edited December 2005 in Vanilla 1.0 Help
So i'm just making this thing for school and i have a table full of user details. I'm trying to validate a login based on a userID and password. Easy, right? BUT, when i do a sql query like SELECT pupilID,FirstName,LastName,email,password FROM `pupils` WHERE `pupilID`='15' AND `password`='GC5670106' LIMIT 1 It returns no users. Skip the password or swap it out for something like FirstName and it works fine. It just doesnt wanna search on the password and i cant work out why. The charset/whatever is the same for all types of data (latin1_swedish_ci) and i see no reason the password shouldnt fit that. Ideas, anyone?

Comments

  • Options
    lechlech Chicagoland
    are you just storing the said password as plaintext? you're comparing two strings, so you might want to match it via the criteria it's formatted in, in the first place. Otherwise you're likely to always have a return of zero. What I would do, is pull via last/first names, and email (forget the password) and match it via php and not have sql do any time consuming comparisons. Also create a testcase and make sure you're pulling data that exists in the first place. That way you can see what's going wrong.
  • Options
    time isnt really an issue but that's probably a better way of doing it anyway. What did you mean by 'might want to match it via the critedia it's formatted in, in the first place'? All the passwords are plaintext.
  • Options
    Right. I've made it so it queries the db for the userID's details then compares the password. It still recons theyre wrong so i got it to echo them. This is what it gives: GC5670106 GC5670106 Someone please tell me the difference between them?
  • Options
    Did you trim whitespace?
  • Options
    eBeB
    edited December 2005
    Can you give us the portion of your code that retreives and compares? EDIT: nvm, see if Lech's idea works first.
  • Options
    lechlech Chicagoland
    Ok, since all the passwords are plain text, then all you would need to do like Bergamot mentioned is trim the whitespace. trim($var); I mentioned earlier that if you're md5'ing the passwords or something, that you may need to rehash them in order to match, and even then you'll still need to trim.
  • Options
    Also, SQL can be a little unpredictable when comparing the values of two different string types.
  • Options
    Yeah, seems your trimming idea worked. Although i achieved it by just opening every row of the table for editing and then saving it again. Not come across that before. Now i just need to re-learn session management and cookies ;)
This discussion has been closed.