0

I'm doing some sqli challenges (overthewire.org, the natas web application challenges) and during one of the sqli challenges I encountered the following problem.

When I compare `substr(password,1,1)="a"` it will ignore the case. So for example

`Select * from users where username="user" and substr(password,1,1)='a'`

will be true and so will be

`Select * from users where username="user" and substr(password,1,1)='A'`

If I use

`Select * from users where username="user" and ascii(substr(password,1,1))=ascii('a')` 

instead everything works fine.

Does someone have information on why it is implemented that way? Is this the default MySQL behaviour? Best

a_horse_with_no_name
Zapho Oxx

1 Answer

4

In a nutshell, you can specify a collation that the database will use, and most default to a case-insensitive collation, hence it ignores case when comparing text.

https://dev.mysql.com/doc/refman/8.0/en/charset-general.html
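
The collation behaviour described in the answer, as an added example that is not part of the original question or answer. The table `collation_demo` and its columns are hypothetical, and `utf8mb4_general_ci` stands in for whatever case-insensitive collation the server defaults to.

```sql
-- Constructed demo: table and column names are hypothetical (assumptions).
CREATE TABLE collation_demo (
    id        INT PRIMARY KEY,
    -- "_ci" suffix = case-insensitive collation
    token_ci  VARCHAR(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci,
    -- "_bin" suffix = compare by code point, so case matters
    token_bin VARCHAR(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin
);

INSERT INTO collation_demo (id, token_ci, token_bin)
VALUES (1, 'aBc123', 'aBc123');  -- constructed sample value

-- Which collation does each column actually use?
SELECT COLUMN_NAME, COLLATION_NAME
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = DATABASE()
  AND TABLE_NAME = 'collation_demo';

-- Same two comparisons against each column. On token_ci the collation
-- treats 'a' and 'A' as equal; on token_bin only the exact case matches.
SELECT SUBSTR(token_ci, 1, 1)  = 'a' AS ci_lower,
       SUBSTR(token_ci, 1, 1)  = 'A' AS ci_upper,
       SUBSTR(token_bin, 1, 1) = 'a' AS bin_lower,
       SUBSTR(token_bin, 1, 1) = 'A' AS bin_upper
FROM collation_demo;

-- Forcing a case-sensitive comparison on the case-insensitive column:
SELECT SUBSTR(token_ci, 1, 1) COLLATE utf8mb4_bin = 'A' AS collate_override,
       BINARY SUBSTR(token_ci, 1, 1) = 'A'              AS binary_operator,
       -- ASCII() yields integers, so no collation is involved (the
       -- workaround from the question).
       ASCII(SUBSTR(token_ci, 1, 1)) = ASCII('A')       AS ascii_compare
FROM collation_demo;

-- Permanent fix for a column whose values must be matched case-sensitively.
ALTER TABLE collation_demo
    MODIFY token_ci VARCHAR(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;

DROP TABLE collation_demo;
```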