#1
  1. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,191
    Rep Power
    220

    strtolower users input to log in or not strtolower to log in?


    Do you change user's input before querying the database? Both for and create, retrieve. CRud.

    What would be the right approach? Change user's email to lowercase and then run the query?

    What realy happens between php and mysql when email is passed to mysql? Email@example.com, email@example.com.

    Code:
    $sql = "SELECT jvzoo_cproditem, transaction_type, transaction_time, jvzoo_cprodtitle, email, id FROM transactions 
                                    WHERE
                                    email = ? 
                                    AND jvzoo_cproditem = ? 
                                    ORDER BY id DESC 
                                ";
                        $query_transactions = $CI->db->query($sql, array($email, $product));
    Thanks
  2. #2
  3. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,780
    Rep Power
    4536
    Yes
    -- Cigars, whiskey and wild, wild women. --
  4. #3
  5. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,191
    Rep Power
    220
    Umm... I remember a few years ago Requinix saying save users input into the database exactly as it is and apply functions on display.

    I might be wrong
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2016
    Posts
    92
    Rep Power
    5
    What happens depends on the data type of the column holding the data and on the collation of the column for text/character data types.

    If you have used a text/character data type for the email column, the collation will determine if the comparison is case-sensitive or not and most commonly used collations are not case sensitive. If you have used a binary data type, the comparison will be case-sensitive.
  8. #5
  9. Lazy Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,335
    Rep Power
    9645
    Originally Posted by English Breakfast Tea
    Umm... I remember a few years ago Requinix saying save users input into the database exactly as it is and apply functions on display.
    Me and/or Jacques, yes. Things like email addresses can probably be safely lowercased, but I wouldn't - user typed in mixed case, user sees mixed case.

    As long as you have a *_ci collation then the comparison will be case-insensitive and stuff will work.
  10. #6
  11. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,780
    Rep Power
    4536
    Good points. I think the key is making sure you're doing case-insensitive comparisons, obviously. Presenting the data just how the user typed it is a good point, too.
    -- Cigars, whiskey and wild, wild women. --

IMN logo majestic logo threadwatch logo seochat tools logo