我有一个正在运行的简单身份验证脚本,但我发现对于密码为 admin 的用户 admin,密码为 ADMIN 的用户 ADMIN 也可以登录。我如何使此脚本区分大小写。我也知道可以做的加密,以便密码不存储为文本,只需要弄清楚如何使这种情况区分大小写。
if($_SERVER['REQUEST_METHOD'] == "POST" && mysql_real_escape_string($_POST['username'])!="" && mysql_real_escape_string($_POST['password']) !="") { // receive form sent via POST method
$username = mysql_real_escape_string($_POST['username']); // prevent sql injection by using "mysql_real_escape_string()"
$password = mysql_real_escape_string($_POST['password']);
$data = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
if(mysql_num_rows($data) >0) { // if the query returns a result then create session variables to show user is authenticated
$_SESSION['logged'] = 1;
$_SESSION['user'] = $username;
}
}