I WANT check case sensitivity for my username and password while checking whether they exist in database or not?

Question

1.00/5 (3 votes)

See more:

its accepting if username is Sai and SAi ..its treating as same for both username
the same scenario is happening with password
if password is SAI1@
sai1@
its treating as same

What I have tried:

SqlCommand cmd = new SqlCommand("SELECT * FROM VEL_EXISTING_USERDTLS  WHERE USER_NAME = '" + textBox1.Text + "' AND PASSWORD = '" + textBox2.Text + " '", con);

                   cmd.Parameters.AddWithValue("@USER_NAME", textBox1.Text);
                   cmd.Parameters.AddWithValue("@PASSWORD", textBox2.Text);
                   SqlDataReader dr = cmd.ExecuteReader();
                   if (dr.Read())
                   {
                       this.Hide();
                       Form4 f = new Form4();
                       f.Show();
                   }
                   else
                   {
                       MessageBox.Show("invalid login");
                   }
               }
               else
               {
                   MessageBox.Show("USERNAME COULD NOT BE EMPTY");
               }

           }

Posted 2-May-17 0:38am

saimanisha

Updated 2-May-17 1:03am

Add a Solution

Comments

Richard MacCutchan 2-May-17 8:32am

Everything about that SQL statement is wrong. String concatenation and storing passwords in clear text.

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Suvendu Shekhar Giri · Answer 1 · 2017-05-02T00:45:00

If you are using SQL Server then COLLATION can help in this regard.
Try something like-

C#

SqlCommand cmd = new SqlCommand("SELECT * FROM VEL_EXISTING_USERDTLS  WHERE USER_NAME = '" + textBox1.Text + "' COLLATE SQL_Latin1_General_CP1_CS_AS AND PASSWORD = '" + textBox2.Text + "' COLLATE SQL_Latin1_General_CP1_CS_AS", con);

For further reading, check following link-
Collations | Microsoft Docs[^]

IMPORTANT:
Your query is vulnerable to SQL Injection. That's very critical to know and prevent.
You can use either parameterised query or stored procedure to avoid that.
Please check following links for more information-
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
SQL Injection Attack, its examples and Prevention mechanisms and Techniques in ASP.Net[^]

Hope, it helps :)

Wessel Beulink · Answer 2 · 2017-05-02T00:49:00

Why would you check passwords in database if exist? This is not a 'KEY' value. If it is than you have a mistake in your database.

The username is the only thing you can verify if exist. I would advice you to not verify on both.

 SqlCommand cmd = new SqlCommand($"SELECT * FROM VEL_EXISTING_USERDTLS WHERE USER_NAME = '{textBox1.Text}'")
SqlDataReader dr = cmd.ExecuteReader(); 

if(dr.HasRows)
{
  //in use.
}

**Nirav Prabtani** · Answer 3 · 2017-05-02T01:03:00

You need to append

COLLATE Latin1_General_CS_AS

in your query

try this

SqlCommand cmd = new SqlCommand("SELECT * FROM VEL_EXISTING_USERDTLS  WHERE USER_NAME = '" + textBox1.Text + "' COLLATE Latin1_General_CS_AS  AND PASSWORD = '" + textBox2.Text + " '" COLLATE Latin1_General_CS_AS , con);

for more info

Collations | Microsoft Docs[^]

SQL SERVER - Collate - Case Sensitive SQL Query Search - Journey to SQL Authority with Pinal Dave[^]

NOTE: Instead of concatenation of a string use parameterized query or stored procedure to prevent SQL Injection

Let us know if you have any query or concern for same

I WANT check case sensitivity for my username and password while checking whether they exist in database or not?

3 solutions

Solution 1

Solution 2

Solution 3

Add your solution here

Preview 0