I'm doing some sqli challenges (overthewire.org, the natas web application challenges) and during one of the sqli challenges I encountered the following problem.
when I do compare substr(password,1,1)="a" it will ignore the case. So for example
Select * from users where username="user" and substr(password,1,1)='a'
will be true and so will be
Select * from users where username="user" and substr(password,1,1)='A'
If I use
`Select * from users where username="user" and ascii(substr(password,1,1))=ascii('a')`
instead everything works fine.
Does someone have information why it is implemented that way? is this the default mysql behaviour? Best