No announcement yet.

[OT] PHP String Comparison

  • Filter
  • Time
  • Show
Clear All
new posts

    [OT] PHP String Comparison

    This is horribly off-topic, so I apologise if I'm out of place posting it here.

    I'm trying to get PHP to verify a password handed to it via a form. The code for it is below:

    PHP Code:
            case "processlogon":
    $attemptedusername $_POST['username'];
    $attemptedpassword $_POST['password'];
    $query "SELECT Password, AccessLevel FROM DIWCustomer WHERE UserName = '$attemptedusername'";
    ora_parse($cursor$query) or die;
    $actualPassword ora_getcolumn($cursor"0");
    $level ora_getcolumn($cursor"1");

    //If password is correct

    if ($attemptedpassword == $actualPassword) {
    $_SESSION['username'] = $attemptedusername;
    "You have sucessfully logged in, $attemptedusername";
    $_SESSION['accesslevel'] = $level;

    //If password is incorrect

    } else {
    $_SESSION['username'] = "";
    $_SESSION['accesslevel'] = "";
    "Password is incorrect";
    $actualPassword <br>
                            Tried Pass: 
    $attemptedpassword <br>
                            Access Level: 

    Unfortunately, the IF statement always evaluates to FALSE. I've checked and double checked and there's no hidden spaces in my password, or anything like that.

    Any ideas? Thanks in advance


    PHP Code:
    $actualPassword ora_getcolumn($cursor0);
    $level ora_getcolumn($cursor1); 
    .. you're passing a string to ora_getcolumn's second argument when I believe it's looking for an int. Also, right after that, echo out $actualPassword just to make sure your fetch was actually successful.


      Thanks. I tried that and am getting the same results.

      When I echo the password back out onto the page, they both look identical.

      However, when I look at the HTML page source being outputted, the 'real password' line has a ton of extra whitespace after it.

      Could the SQL be returning me extra spaces because the password field is stored as a Char() instead of varchar?

      Thanks for the idea :up:


        What do you know... that's exactly what it was.

        The password field in the SQL population was specified as Char(20) instead of VarChar2(20). hence it added white space at the end to make up to 20 characters.

        Result. The logon system works.

        Thanks for the help! :up:


          so in mysql, having char(num) automatically fills it to have 20 "objects"?


            Originally posted by bringit
            so in mysql, having char(num) automatically fills it to have 20 "objects"?
            That appears to be what I was getting back through PHP, yes.

            It was the contents of the Char, with enough extra white space on the end to make it up to a total of 20 characters.