In case of SQL Server:
string query = "select count(*) from login where userid=@userid and password=@Lee collate Latin1_General_CS_AS";
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Sir, I save my password in database is SAAmi@123 but if even enter in small letters saami@123 means its also logging in but it was not correct. please correct in my code pls
if (textBox9.Text != "" && textBox10.Text != "")
{
string connectionString;
MySqlConnection cnn;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
string id = textBox9.Text;
string password = textBox10.Text;
textBox9.Text = "";
textBox10.Text = "";
string query = "select count(*) from login where userid=@userid and password=@Lee ";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
cmd.Parameters.AddWithValue("@Lee ", password);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
int result = Convert.ToInt32(cmd.ExecuteScalar());
var results = cmd.ExecuteReader();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes && result > 0)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else
{
MessageBox.Show("Login Failed");
}
}
}
else
{
MessageBox.Show("Please Enter Correct Login details");
}
If this is a web application, MessageBox.Show() only shows on the server. It seems to work in development because your development machine is both the client and the server.
See BINARY operator.
The BINARY operator converts the expression to a binary string (a string that has the binary character set and binary collation). A common use for BINARY is to force a character string comparison to be done byte by byte using numeric byte values rather than character by character.
Your code seems okay.
However, Please check collation in database.
Comparisons are case-insensitive if the column uses a collation which ends with _ci (such as the default latin1_general_ci collation) and they are case-sensitive when the column uses a collation which ends with _cs or _bin (such as the utf8_unicode_cs and utf8_bin collations).
By Default, they are case-sensitive. To check, you can use below query.
mysql> SELECT table_schema, table_name, table_collation
FROM information_schema.tables WHERE table_name = `mytable`;
Additionally, you can update collation as shown below:
-- Change database collation
ALTER DATABASE `databasename` DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
-- or change table collation
ALTER TABLE `table` CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;
-- or change column collation
ALTER TABLE `table` CHANGE `Value`
`Value` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin;
You really should not be storing the actual passwords. This is a big security risk and would fail any security audit. You should be storing a one way hash of the passwords.