469,578 Members | 1,742 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,578 developers. It's quick & easy.

strcmp vs equal

Hi

I noticed in some examples to the encrypt functions of the PHP manual a
syntax was used for password checks such as

if (strcmp($userpassword, md5($_POST['password'])) == 0) {
// do login
}

What is the advantage of this compared to

if ($userpassword == md5($_POST['password'])) {
// do login
}

?

--
Markus
Jul 17 '05 #1
5 3823
iuz
Markus Ernst wrote:
Hi

I noticed in some examples to the encrypt functions of the PHP manual a
syntax was used for password checks such as

if (strcmp($userpassword, md5($_POST['password'])) == 0) {
// do login
}

What is the advantage of this compared to

if ($userpassword == md5($_POST['password'])) {
// do login
}

?


it's the same thing..

--
www.iuz-lab.info
Jul 17 '05 #2
On Mon, 4 Oct 2004 15:58:14 +0200, "Markus Ernst" <derernst@NO#SP#AMgmx.ch>
wrote:
I noticed in some examples to the encrypt functions of the PHP manual a
syntax was used for password checks such as

if (strcmp($userpassword, md5($_POST['password'])) == 0) {
// do login
}

What is the advantage of this compared to

if ($userpassword == md5($_POST['password'])) {
// do login
}


None as far as I'm aware.

strcmp would be more familiar for people from a C background (where == would
compare the pointers, not the contents of the strings, and so would be wrong in
most cases).

Perl people might not use == on strings as string compare is 'eq' in Perl, so
they may lean towards strcmp, perhaps.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #3
Thank you both for your answers!

--
Markus
Jul 17 '05 #4

"Markus Ernst" <derernst@NO#SP#AMgmx.ch> wrote in message
news:41**********************@news.easynet.ch...
Hi

I noticed in some examples to the encrypt functions of the PHP manual a
syntax was used for password checks such as

if (strcmp($userpassword, md5($_POST['password'])) == 0) {
// do login
}

What is the advantage of this compared to

if ($userpassword == md5($_POST['password'])) {
// do login
}


Well, in theory, the use of strcmp() is a little safer because you're always
comparing two strings. If for some reason $userpassword is set to an
integer, the MD5 would get casted into an integer for the purpose of
comparison.

Example:

$userpassword = 0;
if($userpassword == md5("Chicken")) {
echo "Chicken";
}

The condition would evaluate to true because the hash starts with the letter
'a', which becomes 0 when it's converted to integer.

Jul 17 '05 #5
Chung Leong <ch***********@hotmail.com> wrote:
Well, in theory, the use of strcmp() is a little safer because you're always
comparing two strings. If for some reason $userpassword is set to an
integer, the MD5 would get casted into an integer for the purpose of
comparison.


So wahts the difference between strcmp() and === :)

== should IMHO be used as little as possible, if one knows the types one
is comparing and these should match (like in most cases) === is the way
to go.

--

Daniel Tryba

Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

6 posts views Thread by muser | last post: by
3 posts views Thread by jl_post | last post: by
11 posts views Thread by Eirik | last post: by
10 posts views Thread by lchian | last post: by
36 posts views Thread by Chuck Faranda | last post: by
6 posts views Thread by kevin | last post: by
47 posts views Thread by fishpond | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.