This is a discussion on strcmp vs equal within the PHP Language forums, part of the PHP Programming Forums category.

Hi

I noticed in some examples to the encrypt functions of the PHP manual a
syntax was used for password checks such as

if (strcmp($userpassword, md5($_POST['password'])) == 0) {
    // do login
}

What is the advantage of this compared to

if ($userpassword == md5($_POST['password'])) {
    // do login
}

?

--
Markus

Markus Ernst wrote:
> Hi
>
> I noticed in some examples to the encrypt functions of the PHP manual a
> syntax was used for password checks such as
>
> if (strcmp($userpassword, md5($_POST['password'])) == 0) {
>     // do login
> }
>
> What is the advantage of this compared to
>
> if ($userpassword == md5($_POST['password'])) {
>     // do login
> }
>
> ?
>

it's the same thing..

--
www.iuz-lab.info

On Mon, 4 Oct 2004 15:58:14 +0200, "Markus Ernst" <derernst@NO#SP#AMgmx.ch>
wrote:

>I noticed in some examples to the encrypt functions of the PHP manual a
>syntax was used for password checks such as
>
>if (strcmp($userpassword, md5($_POST['password'])) == 0) {
>    // do login
>}
>
>What is the advantage of this compared to
>
>if ($userpassword == md5($_POST['password'])) {
>    // do login
>}

None as far as I'm aware.

strcmp would be more familiar for people from a C background (where == would
compare the pointers, not the contents of the strings, and so would be wrong
in most cases).

Perl people might not use == on strings as string compare is 'eq' in Perl, so
they may lean towards strcmp, perhaps.

--
Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool

"Markus Ernst" <derernst@NO#SP#AMgmx.ch> wrote in message news:416156f8$0$8107$afc38c87@news.easynet.ch...
> Hi
>
> I noticed in some examples to the encrypt functions of the PHP manual a
> syntax was used for password checks such as
>
> if (strcmp($userpassword, md5($_POST['password'])) == 0) {
>     // do login
> }
>
> What is the advantage of this compared to
>
> if ($userpassword == md5($_POST['password'])) {
>     // do login
> }
>

Well, in theory, the use of strcmp() is a little safer because you're always
comparing two strings. If for some reason $userpassword is set to an
integer, the MD5 would get cast into an integer for the purpose of
comparison. Example:

$userpassword = 0;
if($userpassword == md5("Chicken")) {
    echo "Chicken";
}

The condition would evaluate to true because the hash starts with the letter
'a', which becomes 0 when it's converted to integer.

Chung Leong <chernyshevsky@hotmail.com> wrote:
> Well, in theory, the use of strcmp() is a little safer because you're always
> comparing two strings. If for some reason $userpassword is set to an
> integer, the MD5 would get cast into an integer for the purpose of
> comparison.

So what's the difference between strcmp() and === :)

== should IMHO be used as little as possible; if one knows the types one is
comparing and these should match (like in most cases), === is the way to go.

--
Daniel Tryba
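
The comparisons discussed in this thread, run side by side, as an added example that is not part of any post: `compare_three_ways()` and `stored_hash_matches()` are hypothetical helper names, and the sample strings are constructed rather than real MD5 output. It goes slightly beyond the thread by including numeric-looking strings, which `==` compares as numbers on every PHP version, whereas the integer `0` case only matches under `==` on PHP versions before 8.

```php
<?php
// Added example. Every value is constructed; none is a real MD5 digest.

// Run the three checks discussed in the thread on one stored/submitted pair.
function compare_three_ways($stored, string $submitted): array
{
    return [
        // Loose equality: converts operands when one is a number or both look numeric.
        '==' => $stored == $submitted,
        // strcmp() works on strings only, so the stored value is cast explicitly.
        'strcmp' => strcmp((string) $stored, $submitted) == 0,
        // Strict equality: same type and same bytes, no conversion.
        '===' => $stored === $submitted,
    ];
}

// Hypothetical hardened check: reject non-strings, then compare strictly.
function stored_hash_matches($stored, $submittedHash): bool
{
    return is_string($stored) && is_string($submittedHash)
        && $stored === $submittedHash;
}

$cases = [
    'identical strings'              => ['9f2c41aa', '9f2c41aa'],
    'integer 0 vs letter-first hash' => [0, 'a41b07c3'],
    'two different 0e... strings'    => ['0e123456', '0e987654'],
    'exponent form vs plain digits'  => ['1e3', '1000'],
];

foreach ($cases as $label => [$stored, $submitted]) {
    $row = compare_three_ways($stored, $submitted);
    $row['hardened'] = stored_hash_matches($stored, $submitted);
    echo str_pad($label, 32);
    foreach ($row as $name => $equal) {
        echo ' ', $name, '=', var_export($equal, true);
    }
    echo PHP_EOL;
}
```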