Problem with the case of letters when using User defined function

Question

0.00/5 (No votes)

See more:

Hello!!

I have created a user defined function(Scaler function) in sql server 2008. It returns me an integer value based on the query. The problem that i am facing is that it is reading Both "Admin" & "admin" as same value and then returning me the wrong output. Here is the function

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO

ALTER FUNCTION [dbo].[UFNLogin] 
(
	@UserName varchar(30),@UPassword nvarchar(max)
)
RETURNS int 
AS
BEGIN
declare @Exists as int 
	if (Select count(ID)from Users where UserName=@UserName and UPassword=@UPassword)>1
set @Exists =1
else
Set @Exists=0	
return	@Exists
END

For example that if i enter user name "Jack" and Password "Admin" which is in the database, then it is returning 1 output but if i enter "Jack" ,"admin" then also it is returning me 1 as output whereas admin is not in the database.

Posted 27-Mar-12 21:10pm

ujjwal uniyal

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2012-03-27T21:17:00

Solution 1

You can do it by forcing the COLLOTAION to case sensitive:

SQL

SELECT COUNT(ID) FROM Users WHERE UserName=@UserName AND UPassword=@UPassword COLLATE SQL_Latin1_General_CP1_CS_AS

But, you should not be doing it that way in the first place.
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

Posted 27-Mar-12 21:17pm

OriginalGriff

Comments

ujjwal uniyal 28-Mar-12 4:59am

Thanks Sir,

It helped a lot ... :)

OriginalGriff 28-Mar-12 5:26am

You're welcome!