By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,722 Members | 1,227 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,722 IT Pros & Developers. It's quick & easy.

strcmp vs equal

P: n/a
Hi

I noticed in some examples to the encrypt functions of the PHP manual a
syntax was used for password checks such as

if (strcmp($userpassword, md5($_POST['password'])) == 0) {
// do login
}

What is the advantage of this compared to

if ($userpassword == md5($_POST['password'])) {
// do login
}

?

--
Markus
Jul 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
iuz
Markus Ernst wrote:
Hi

I noticed in some examples to the encrypt functions of the PHP manual a
syntax was used for password checks such as

if (strcmp($userpassword, md5($_POST['password'])) == 0) {
// do login
}

What is the advantage of this compared to

if ($userpassword == md5($_POST['password'])) {
// do login
}

?


it's the same thing..

--
www.iuz-lab.info
Jul 17 '05 #2

P: n/a
On Mon, 4 Oct 2004 15:58:14 +0200, "Markus Ernst" <derernst@NO#SP#AMgmx.ch>
wrote:
I noticed in some examples to the encrypt functions of the PHP manual a
syntax was used for password checks such as

if (strcmp($userpassword, md5($_POST['password'])) == 0) {
// do login
}

What is the advantage of this compared to

if ($userpassword == md5($_POST['password'])) {
// do login
}


None as far as I'm aware.

strcmp would be more familiar for people from a C background (where == would
compare the pointers, not the contents of the strings, and so would be wrong in
most cases).

Perl people might not use == on strings as string compare is 'eq' in Perl, so
they may lean towards strcmp, perhaps.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #3

P: n/a
Thank you both for your answers!

--
Markus
Jul 17 '05 #4

P: n/a

"Markus Ernst" <derernst@NO#SP#AMgmx.ch> wrote in message
news:41**********************@news.easynet.ch...
Hi

I noticed in some examples to the encrypt functions of the PHP manual a
syntax was used for password checks such as

if (strcmp($userpassword, md5($_POST['password'])) == 0) {
// do login
}

What is the advantage of this compared to

if ($userpassword == md5($_POST['password'])) {
// do login
}


Well, in theory, the use of strcmp() is a little safer because you're always
comparing two strings. If for some reason $userpassword is set to an
integer, the MD5 would get casted into an integer for the purpose of
comparison.

Example:

$userpassword = 0;
if($userpassword == md5("Chicken")) {
echo "Chicken";
}

The condition would evaluate to true because the hash starts with the letter
'a', which becomes 0 when it's converted to integer.

Jul 17 '05 #5

P: n/a
Chung Leong <ch***********@hotmail.com> wrote:
Well, in theory, the use of strcmp() is a little safer because you're always
comparing two strings. If for some reason $userpassword is set to an
integer, the MD5 would get casted into an integer for the purpose of
comparison.


So wahts the difference between strcmp() and === :)

== should IMHO be used as little as possible, if one knows the types one
is comparing and these should match (like in most cases) === is the way
to go.

--

Daniel Tryba

Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.