sql strictly equals, is there something?

Question

Possible Duplicate:
SQL server ignore case in a where expression

basically I need to check something like this

select * from users where name = @name, pass = @pass

the problem is that 'pass' = 'pAsS'

is there something more strict for string comparison in sql (ms sql-server)

score 7 · Accepted Answer · answered Jun 14 '10 at 07:39

7

It's down to your collation, which it would seem is case insensitive. For example, the standard collation is Latin1_General_CI_AS, where the CI means case insensitive. You can force a different collaction for a different comparison:

select  *
from    users
where   name = @name
and     pass COLLATE Latin1_General_CS_AS = @pass COLLATE Latin1_General_CS_AS

Incidentally, you shouldn't be storing passwords in your database - you should be salting and hashing them.

answered Jun 14 '10 at 07:39

David M

71,481
13
158
186

1

Still, when comparing the hashed passwords, the comparison should be case sensetive. :) – Guffa Jun 14 '10 at 07:43
3

Yes indeed - case sensitive binary! – David M Jun 14 '10 at 07:48
thumbed up but yes case sensitivity in hashed as well is required – Demetris Leptos Nov 10 '17 at 18:21

score 3 · Answer 2 · answered Jun 14 '10 at 07:53

As several others have already posted you can use collations in your query or change the collation of your "pass" column to be case sensitive. You may also change your query to use the VARBINARY type instead of changing collation:

SELECT * FROM users 
WHERE name = @name
AND pass = @pass
AND CAST(pass AS VARBINARY(50)) = CAST(@pass AS VARBINARY(50))

Note that I left in the pass = @pass clause. Leaving this line in the query allows SQL Server to use any index on the pass column.

score 1 · Answer 3 · answered Jun 14 '10 at 07:39

1

You need to use a case sensitive collation for the comparison:

SELECT * FROM users 
WHERE name = @name, pass = @pass
COLLATE  SQL_Latin1_General_Cp1_CS_AS

See this article for more details.

answered Jun 14 '10 at 07:39

Oded

489,969
99
883
1,009

score 1 · Answer 4 · answered Jun 14 '10 at 07:39

1

It's all to do with database collation.

This should help you:

select * from users where name = @name, pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS

There is some information here regarding collations in SQL Server

answered Jun 14 '10 at 07:39

codingbadger

42,678
13
95
110

score 1 · Answer 5 · answered Jun 14 '10 at 07:40

1

For case sensitive you need to specify the collation in your query. Something like:

select * from users where name = @name, pass = @pass COLLATE SQL_Latin1_General_Cp1_CS_AS

answered Jun 14 '10 at 07:40

Adrian Fâciu

12,414
3
53
68

score 1 · Answer 6 · answered Jun 14 '10 at 08:40

1

Use a binary collation to ensure an exact match.

WHERE pass = @pass COLLATE Latin1_General_BIN

answered Jun 14 '10 at 08:40

Anthony Faull

17,549
5
55
73

sql strictly equals, is there something?

6 Answers6