strcmp vs equal

  • Markus Ernst

    strcmp vs equal

    Hi

    I noticed in some examples to the encrypt functions of the PHP manual a
    syntax was used for password checks such as

    if (strcmp($userpassword, md5($_POST['password'])) == 0) {
    // do login
    }

    What is the advantage of this compared to

    if ($userpassword == md5($_POST['password'])) {
    // do login
    }

    ?

    --
    Markus


  • iuz

    #2
    Re: strcmp vs equal

    Markus Ernst wrote:
    > Hi
    >
    > I noticed in some examples to the encrypt functions of the PHP manual a
    > syntax was used for password checks such as
    >
    > if (strcmp($userpassword, md5($_POST['password'])) == 0) {
    > // do login
    > }
    >
    > What is the advantage of this compared to
    >
    > if ($userpassword == md5($_POST['password'])) {
    > // do login
    > }
    >
    > ?

    it's the same thing..

    --


    • Andy Hassall

      #3
      Re: strcmp vs equal

      On Mon, 4 Oct 2004 15:58:14 +0200, "Markus Ernst" <derernst@NO#SP#AMgmx.ch>
      wrote:
      >I noticed in some examples to the encrypt functions of the PHP manual a
      >syntax was used for password checks such as
      >
      >if (strcmp($userpassword, md5($_POST['password'])) == 0) {
      > // do login
      >}
      >
      >What is the advantage of this compared to
      >
      >if ($userpassword == md5($_POST['password'])) {
      > // do login
      >}

      None as far as I'm aware.

      strcmp would be more familiar for people from a C background (where == would
      compare the pointers, not the contents of the strings, and so would be wrong in
      most cases).

      Perl people might not use == on strings as string compare is 'eq' in Perl, so
      they may lean towards strcmp, perhaps.

      --
      Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
      <http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool


      • Markus Ernst

        #4
        Re: strcmp vs equal

        Thank you both for your answers!

        --
        Markus



        • Chung Leong

          #5
          Re: strcmp vs equal


          "Markus Ernst" <derernst@NO#SP#AMgmx.ch> wrote in message
          news:416156f8$0$8107$afc38c87@news.easynet.ch...
          > Hi
          >
          > I noticed in some examples to the encrypt functions of the PHP manual a
          > syntax was used for password checks such as
          >
          > if (strcmp($userpassword, md5($_POST['password'])) == 0) {
          > // do login
          > }
          >
          > What is the advantage of this compared to
          >
          > if ($userpassword == md5($_POST['password'])) {
          > // do login
          > }
          >

          Well, in theory, the use of strcmp() is a little safer because you're always
          comparing two strings. If for some reason $userpassword is set to an
          integer, the MD5 would get cast into an integer for the purpose of
          comparison.

          Example:

          $userpassword = 0;
          if ($userpassword == md5("Chicken")) {
              echo "Chicken";
          }

          The condition would evaluate to true because the hash starts with the letter
          'a', which becomes 0 when it's converted to integer.


          • Daniel Tryba

            #6
            Re: strcmp vs equal

            Chung Leong <chernyshevsky@hotmail.com> wrote:
            > Well, in theory, the use of strcmp() is a little safer because you're always
            > comparing two strings. If for some reason $userpassword is set to an
            > integer, the MD5 would get cast into an integer for the purpose of
            > comparison.

            So what's the difference between strcmp() and === :)

            == should IMHO be used as little as possible. If one knows the types one
            is comparing and these should match (like in most cases), === is the way
            to go.

            --

            Daniel Tryba
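
The comparisons discussed in this thread, run side by side as an added example (not code from any poster or from the PHP manual); `compare_hashes()` and all sample values are constructed for illustration. It goes slightly beyond the thread by adding `hash_equals()` and a pair of distinct numeric-looking strings.

```php
<?php
// Added example: compare a stored hash with a freshly computed one using the
// operators from the thread. Function name and sample values are assumptions.

function compare_hashes($stored, string $computed): array
{
    return [
        // Loose comparison: PHP may convert the operands to numbers first.
        '=='          => $stored == $computed,
        // Strict comparison: type and value must both match.
        '==='         => $stored === $computed,
        // strcmp() on an explicit string cast: always a byte-wise string compare.
        'strcmp'      => strcmp((string) $stored, $computed) === 0,
        // hash_equals() (PHP >= 5.6): strings only, constant-time comparison.
        'hash_equals' => is_string($stored) && hash_equals($stored, $computed),
    ];
}

// Constructed 32-character value standing in for an md5() result.
$hash = 'a3c9e1f0b2d4a6c8e0f1a3b5c7d9e1f3';

$cases = [
    // Stored value and computed value are the same string.
    'identical strings'             => [$hash, $hash],
    // Stored value ended up as an integer (the case raised in post #5).
    'integer 0 stored'              => [0, $hash],
    // Two different strings that both look like numbers in exponent notation.
    'different numeric-looking'     => ['0e' . str_repeat('1', 30),
                                        '0e' . str_repeat('2', 30)],
    // Stored value missing entirely, e.g. no row found for the user.
    'null stored'                   => [null, $hash],
];

foreach ($cases as $label => [$stored, $computed]) {
    printf('%-28s', $label);
    foreach (compare_hashes($stored, $computed) as $op => $equal) {
        printf(' %s:%s', $op, $equal ? 'true' : 'false');
    }
    echo PHP_EOL;
}
```

Under `==` the integer row compares equal only before PHP 8, while the numeric-looking row compares equal on PHP 7 and PHP 8 alike. `===`, `strcmp()` and `hash_equals()` agree with each other on every row.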
