strcmp vs equal
This is a discussion on strcmp vs equal within the PHP Language forums, part of the PHP Programming Forums category; Hi I noticed in some examples to the encrypt functions of the PHP manual a syntax was used for password ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
10-04-2004
|
|||
|
|||
strcmp vs equal
Hi
I noticed in some examples to the encrypt functions of the PHP manual a syntax was used for password checks such as if (strcmp($userpassword, md5($_POST['password'])) == 0) { // do login } What is the advantage of this compared to if ($userpassword == md5($_POST['password'])) { // do login } ? -- Markus 
|
|
10-04-2004
|
|||
|
|||
|
Re: strcmp vs equal
Markus Ernst wrote:
> Hi > > I noticed in some examples to the encrypt functions of the PHP manual a > syntax was used for password checks such as > > if (strcmp($userpassword, md5($_POST['password'])) == 0) { > // do login > } > > What is the advantage of this compared to > > if ($userpassword == md5($_POST['password'])) { > // do login > } > > ? > it's the same thing.. -- www.iuz-lab.info
|
|
10-04-2004
|
|||
|
|||
|
Re: strcmp vs equal
On Mon, 4 Oct 2004 15:58:14 +0200, "Markus Ernst" <derernst@NO#SP#AMgmx.ch>
wrote: >I noticed in some examples to the encrypt functions of the PHP manual a >syntax was used for password checks such as > >if (strcmp($userpassword, md5($_POST['password'])) == 0) { > // do login >} > >What is the advantage of this compared to > >if ($userpassword == md5($_POST['password'])) { > // do login >} None as far as I'm aware. strcmp would be more familiar for people from a C background (where == would compare the pointers, not the contents of the strings, and so would be wrong in most cases). Perl people might not use == on strings as string compare is 'eq' in Perl, so they may lean towards strcmp, perhaps. -- Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk> <http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
|
|
10-06-2004
|
|||
|
|||
|
Re: strcmp vs equal
"Markus Ernst" <derernst@NO#SP#AMgmx.ch> wrote in message news:416156f8$0$8107$afc38c87@news.easynet.ch... > Hi > > I noticed in some examples to the encrypt functions of the PHP manual a > syntax was used for password checks such as > > if (strcmp($userpassword, md5($_POST['password'])) == 0) { > // do login > } > > What is the advantage of this compared to > > if ($userpassword == md5($_POST['password'])) { > // do login > } > Well, in theory, the use of strcmp() is a little safer because you're always comparing two strings. If for some reason $userpassword is set to an integer, the MD5 would get casted into an integer for the purpose of comparison. Example: $userpassword = 0; if($userpassword == md5("Chicken")) { echo "Chicken"; } The condition would evaluate to true because the hash starts with the letter 'a', which becomes 0 when it's converted to integer.
|
|
10-06-2004
|
|||
|
|||
|
Re: strcmp vs equal
Chung Leong <chernyshevsky@hotmail.com> wrote:
> Well, in theory, the use of strcmp() is a little safer because you're always > comparing two strings. If for some reason $userpassword is set to an > integer, the MD5 would get casted into an integer for the purpose of > comparison. So wahts the difference between strcmp() and === :) == should IMHO be used as little as possible, if one knows the types one is comparing and these should match (like in most cases) === is the way to go. -- Daniel Tryba
|
Linear Mode
