Different hashes for (apparently) identical strings

StackOverflow https://stackoverflow.com/questions/22764457

Frage

I'm getting different hash values for database-retrieved string and same value submitted through html form.

What am I doing wrong?

database:

SET NAMES utf8;
SET foreign_key_checks = 0;
SET time_zone = '+05:30';
SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO';

DROP TABLE IF EXISTS `fcb_task`;
CREATE TABLE `fcb_task` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `state` enum('unlocked','locked') CHARACTER SET latin1 NOT NULL,
  `task_specific_notes` text CHARACTER SET latin1,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=ascii;

INSERT INTO `fcb_task` (`id`, `state`, `task_specific_notes`) VALUES
(529,   'unlocked', 'INCLUDED USERS:ONE USER PER LINE:\n1001921: Sudhamayi  Gill\n1001931: Ananga  Gupta\n----------------------------------------------------------------\nDESCRIPTION:\n elit ac molestie praesent convallis etiam metus in, augue sapien praesent pulvinar imperdiet class. sed fringilla eget pellentesque ullamcorper tincidunt congue dolor aliquet nulla, rutrum varius tortor dapibus mi gravida a sociosqu, cras ut sed curabitur sodales nibh feugiat sit. ipsum felis nam neque ultricies nibh libero luctus magna, mi arcu hendrerit purus consectetur duis etiam. molestie feugiat hac per semper sapien nisi etiam mollis, est sagittis auctor aliquet curae per pellentesque. luctus dolor magna eros dapibus facilisis massa cras molestie pulvinar, consequat suscipit rhoncus quisque lorem nulla diam odio ac nulla, tristique fermentum ut tempor faucibus fringilla eleifend scelerisque. \r\n erat sodales litora laoreet cursus mattis turpis duis metus ut iaculis, ipsum habitant fusce dui morbi in elit dictumst nisi tellus iaculis, praesent auctor senectus habitant pulvinar augue etiam augue ut. ad accumsan nunc etiam platea tempor at, enim aenean ultrices eleifend litora ad donec, gravida eleifend quis fames non. ut massa feugiat elementum ipsum rhoncus eleifend elit nibh etiam, semper dictumst adipiscing pulvinar nunc torquent eleifend donec. porttitor in et mauris dui ullamcorper at et tellus at, praesent neque turpis nisl arcu elit etiam ut consectetur, platea mauris gravida ante posuere sed accumsan mauris.\r\n\r\nnostra dapibus leo facilisis, iaculis. \r\n ut congue taciti suspendisse praesent auctor mauris massa vulputate, euismod nam tempus massa donec ornare dui nisi eleifend, augue suspendisse pharetra lectus conubia potenti lorem. in ad consequat consectetur integer odio hac, ipsum lobortis fames dolor aenean urna dictumst, vitae porta rhoncus netus hendrerit. accumsan vestibulum accumsan potenti convallis ullamcorper diam molestie, aliquam amet placerat neque faucibus magna sociosqu, praesent turpis odio praesent bibendum semper. lacinia mauris tellus dolor turpis cursus cubilia condimentum, aliquet neque lacus habitasse ultricies eget, dictum inceptos tincidunt consectetur nisi egestas. imperdiet nisl congue etiam accumsan felis, aliquet ornare fringilla curae rutrum, pellentesque risus maecenas eget. ');][1]

weirdsha1.php

<?php
$conn = mysqli_connect('localhost','root','toor','problem') or die("Connection Failed");
$result = mysqli_query($conn,"SELECT `task_specific_notes` FROM `fcb_task` LIMIT 1") or die("query failed");
$task_specific_notes = null;
while($row = mysqli_fetch_assoc($result)){
    $task_specific_notes = $row['task_specific_notes'];
}

$post_SHA256 = 'Not calculated';
if($_SERVER['REQUEST_METHOD']=='POST'){
    $post_SHA256 = hash('sha256',$_POST['task_specific_notes']);
}


?>
<!DOCTYPE html>
<html>
<body>
<form method="post">
<textarea readonly="readonly" name="task_specific_notes" rows="15" cols="80"><?php echo $task_specific_notes;?></textarea>
<br>
<input type="submit">
</form>
<p>sha256 of database value: <?php echo hash('sha256',$task_specific_notes); ?></p>
<p>sha256 of string submitted :<?php if(isset($post_SHA256)) echo $post_SHA256; ?></p>
</body>
</html>

I think character encoding is involved, but can't figure the exact problem.

enter image description here

War es hilfreich?

Lösung

Take a look at the byte stream of the strings via

foo($_POST['task_specific_notes']);
foo($task_specific_notes);

function foo($s) {
    echo '<pre>';
    for($i=0;$i<strlen($s); $i++) {
        printf('%02X ', ord($s[$i]));
    }
    echo '</pre>';
}

The connection to the MySQL server has an encoding "attached" to it as well.
So if for example the input from the browser is utf-8 encoded but the MySQL connection uses latin-1 you can easily get differently encoded strings.

see also:

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top