Keeping text upper and lower case in MySql

Question

I understand the title can be confusing, was having trouble wording it. If Someone can come up with a better phrasing, feel free to change it.

When I pass in values to the database in MySQL, the 'case' of the text is passed in all well and good, as well as when I retrieve it, So for example:

Stored in the Db, and when retrieved:

Username: Ben
Password: PassWord

But when I query it, I can search for

SELECT * FROM TableName WHERE Username = 'ben' AND Password = 'password';

And there is no restriction on font case. Is there a way to set it so that if the above query is used, it will return nothing, but if I use

SELECT * FROM TableName WHERE Username = 'Ben' and Password = 'PassWord';

ONLY this will return the data?

Answer 1

The term you're looking for is "Case sensitivity". This can be accomplished in MySQL using collation or in C# using the StringInstance.Equals method with it's optional StringComparison parameter. Usually programming languages are case-sensitive in string comparisons and database query languages are case insensitive (more properly, default collation is case-insensitive) so this can be quite confusing.

If you want to do this in the SQL Query itself, you'll want to collate the string in your query.

Example:

SELECT * FROM table WHERE Password = 'PassWord' COLLATE utf8_bin

See related SO question (in PHP, but still using MySQL)

If you are generating the query from, say, EntityFramework, you will want to want to use an somestring.Equals(someOtherString) method with StringComparsion.Ordinal.

Example:

MyObject obj = someQueryable.FirstOrDefault(q => q.Password.Equals("PassWord", StringComparison.Ordinal));

This will cause the generated query to contain the proper collation code.

Answer 2

If you want to compare String case sensitive then use Collation latin1_bin. Default Collation is latin1_swedish_ci which is case insensitive.

SELECT * FROM 
       TableName 
              WHERE Username COLLATE latin1_bin = 'Ben' 
               AND Password COLLATE latin1_bin = 'PassWord';

Try this

Answer 3

Sorry to mix it up:

First it's a very very bad idea to store your passwords in plain-text, because if your server get's compromised, all you user-passwords can be used to hijack user's accounts elsewhere.

You can use a hash (yeah i know, it's compromised too, but a bit more secure):

 SELECT * FROM table WHERE Username = 'Ben' AND Password = SHA1('PassWord')

Then you have to insert it, for sure, as sha1-hash!

The Problem with that is, that the password will EVER STAY case-sensitive, at least if you won't lower/uppercase it BEFORE insertation.

INSERT INTO table (Username, Password) VALUES ('Ben', SHA1(LOWER('PassWord'));
SELECT * FROM table WHERE Username = 'Ben' AND Password =  SHA1(LOWER('PassWord')); 

Will work, but it reduces hash entropy, since the character-set is limited to lower-case alpha. You should avoid that too.

Clear: Use Hasing for password and leave it CASE SENSITIVE.

For Username Case-sensivity try:

SELECT * FROM table WHERE LOWER(Username) = LOWER('BeN');