strcmp vs equal

  • Markus Ernst

    strcmp vs equal

    Hi

    I noticed in some examples to the encrypt functions of the PHP manual a
    syntax was used for password checks such as

    if (strcmp($userpassword, md5($_POST['password'])) == 0) {
    // do login
    }

    What is the advantage of this compared to

    if ($userpassword == md5($_POST['password'])) {
    // do login
    }

    ?

    --
    Markus


  • iuz

    #2
    Re: strcmp vs equal

    Markus Ernst wrote:
    > Hi
    >
    > I noticed in some examples to the encrypt functions of the PHP manual a
    > syntax was used for password checks such as
    >
    > if (strcmp($userpassword, md5($_POST['password'])) == 0) {
    > // do login
    > }
    >
    > What is the advantage of this compared to
    >
    > if ($userpassword == md5($_POST['password'])) {
    > // do login
    > }
    >
    > ?

    it's the same thing..


    • Andy Hassall

      #3
      Re: strcmp vs equal

      On Mon, 4 Oct 2004 15:58:14 +0200, "Markus Ernst" <derernst@NO#SP#AMgmx.ch>
      wrote:

      >I noticed in some examples to the encrypt functions of the PHP manual a
      >syntax was used for password checks such as
      >
      >if (strcmp($userpassword, md5($_POST['password'])) == 0) {
      > // do login
      >}
      >
      >What is the advantage of this compared to
      >
      >if ($userpassword == md5($_POST['password'])) {
      > // do login
      >}

      None as far as I'm aware.

      strcmp would be more familiar for people from a C background (where == would
      compare the pointers, not the contents of the strings, and so would be wrong in
      most cases).

      Perl people might not use == on strings as string compare is 'eq' in Perl, so
      they may lean towards strcmp, perhaps.

      --
      Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
      <http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool


      • Markus Ernst

        #4
        Re: strcmp vs equal

        Thank you both for your answers!

        --
        Markus



        • Chung Leong

          #5
          Re: strcmp vs equal


          "Markus Ernst" <derernst@NO#SP#AMgmx.ch> wrote in message
          news:416156f8$0$8107$afc38c87@news.easynet.ch...
          > Hi
          >
          > I noticed in some examples to the encrypt functions of the PHP manual a
          > syntax was used for password checks such as
          >
          > if (strcmp($userpassword, md5($_POST['password'])) == 0) {
          > // do login
          > }
          >
          > What is the advantage of this compared to
          >
          > if ($userpassword == md5($_POST['password'])) {
          > // do login
          > }

          Well, in theory, the use of strcmp() is a little safer because you're always
          comparing two strings. If for some reason $userpassword is set to an
          integer, the MD5 would get casted into an integer for the purpose of
          comparison.

          Example:

          $userpassword = 0;
          if($userpassword == md5("Chicken")) {
          echo "Chicken";
          }

          The condition would evaluate to true because the hash starts with the letter
          'a', which becomes 0 when it's converted to integer.




          • Daniel Tryba

            #6
            Re: strcmp vs equal

            Chung Leong <chernyshevsky@hotmail.com> wrote:
            > Well, in theory, the use of strcmp() is a little safer because you're always
            > comparing two strings. If for some reason $userpassword is set to an
            > integer, the MD5 would get casted into an integer for the purpose of
            > comparison.

            So what's the difference between strcmp() and === :)

            == should IMHO be used as little as possible, if one knows the types one
            is comparing and these should match (like in most cases) === is the way
            to go.

            --

            Daniel Tryba
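
The comparisons discussed in this thread, run side by side against a string hash and against an integer 0 stored value. This is an added example, not code from any of the posts: the function names and sample passwords are constructed for illustration, and md5() is kept only to mirror the thread's snippets.

```php
<?php
// Added example, not code from the thread. Function names and sample
// passwords are constructed; md5() is kept only to mirror the thread.

// Loose comparison: PHP may convert one operand to the other's type first.
function check_loose($stored, string $password): bool {
    return $stored == md5($password);
}

// strcmp(): without strict_types a scalar argument is converted to a string,
// so this always compares string with string.
function check_strcmp($stored, string $password): bool {
    return strcmp($stored, md5($password)) == 0;
}

// Identical operator: true only when type and value both match.
function check_strict($stored, string $password): bool {
    return $stored === md5($password);
}

// Reject non-strings, then compare with hash_equals() (timing-safe).
function check_hardened($stored, string $password): bool {
    return is_string($stored) && hash_equals($stored, md5($password));
}

// Pick a constructed password whose MD5 starts with a letter (a-f), the case
// described in the thread, without relying on one particular hash value.
for ($i = 0; ctype_digit(md5("sample$i")[0]); $i++);
$good = "sample$i";

$cases = [
    'string hash, right password' => [md5($good), $good],
    'string hash, wrong password' => [md5($good), 'not-' . $good],
    'integer 0,   any password'   => [0, $good],
];

$yn = function (bool $b): string { return $b ? 'accept' : 'reject'; };
printf("PHP %s\n", PHP_VERSION);
foreach ($cases as $label => [$stored, $password]) {
    printf("%-28s ==: %s  strcmp: %s  ===: %s  hardened: %s\n", $label,
        $yn(check_loose($stored, $password)), $yn(check_strcmp($stored, $password)),
        $yn(check_strict($stored, $password)), $yn(check_hardened($stored, $password)));
}
```

On PHP 7 and earlier the third row shows == accepting the login while the other three checks reject it; PHP 8 compares an integer with a non-numeric string as strings, so == rejects that row as well.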
