PHP:不区分大小写的登录检查 [英] PHP: Case-Insensitive Login Check

问题描述

截至目前，我检查用户是否可以这种方式登录:

As of right now I check if a user can login in this manner:

// simply logic:
if (username == usernameEntered && password == passwordEntered) {

我的数据库在我的用户表中有一个Aaron条目.但是，如果我尝试以aaron或AARON等身份登录，则会拒绝我的访问.因此，似乎是区分大小写的.这是我的数据库是否有问题，或者我是如何检查登录凭据的?

My database has an entry of Aaron within my user's table. But if I try to login as aaron or AARON etc. It will deny me access. So it seems it is case sensitive. Is this a problem with my database or how I'm checking for login credentials?

我还记得当我摆弄JavaScript时，/values/i可以用于区分大小写. PHP检查是否有类似的东西?

I remember back when I fiddled with JavaScript, /values/i could be used for case insensitivity. Is there something like this for PHP checks?

此外，由于我在这里，因此在引用cookie/$ _ GET []时，isset();和empty();之间有很多区别；请求?

Also, since I'm here, is there much difference between isset(); and empty(); when in reference to cookies/$_GET[]; requests?

推荐答案

是的，请使用 strtolower 功能.只需要做这样的事情:

Yep, use the strtolower function. Just need to do something like this:

if(strtolower($username) == strtolower($usernameEntered))

关于 isset() 和 empty() ，不同，但通常它们会给您相同的结果. isset()告诉您是否设置了变量(但仍然没有值). empty()通常告诉变量是否等于某个值.请参阅我链接到的每个PHP文档.我建议不要使用 empty()来检查Cookie和GET/POST值，因为空字符串和0被认为是空的，这可能不是您想要的.我将使用isset()来查看变量是否已设置，然后进一步检查它是否包含您要查找的任何数据.通常，您通常会以不同的方式处理空字符串，而不是根本没有值.

As for isset() and empty(), they are indeed different, but often they'll give you the same result. isset() tells you whether a variable was set at all (but it can still have no value). empty() tells in general whether the variable is equal to something. See the PHP documentation I linked to for each one. I would advise against using empty() for checking cookies and GET/POST values because empty strings and 0 are considered empty, which is probably not what you want. I would use isset() to see if the variable was set, and then further check it for whatever data you're looking for. Oftentimes you would want to deal with an empty string differently than no value at all.

此外，Pekka还提出了一条评论，即如果您在数据库中基于用户名找到该帐户，那么您确实需要进行转换为小写字母.如果是这样:

Also, Pekka brought up in a comment that if you're finding the account in the database based on the username, then you really need to do the conversion to lowercase there. If so:

SELECT * FROM users WHERE LOWER(username) = LOWER(:username)

那是假设您正在使用带有PDO的准备好的查询.否则，只需在具有:username的地方替换您的变量(当然，使用适当的字符串连接等等:)

That's assuming you're using a prepared query with PDO. Otherwise just substitute your variable where I have :username (with proper string concatenation and so forth, of course. :)

由于deceze在注释中出现，因此在这样的查询中使用LOWER()将是一个非常糟糕的主意，因为它将不得不将表中的每个用户名都转换为小写以进行比较，并且将呈现任何索引对字段没用.更好的方法是在数据库中存储用户名的小写版本以及字段上的索引.当用户尝试登录时，请将输入的内容转换为小写，然后进行比较.

这篇关于PHP:不区分大小写的登录检查的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！