Password Casesensitive

Mohamed Rafi N 106 Reputation points
2022-03-26T09:00:59.013+00:00

Sir, I save my password in database is SAAmi@123 but if even enter in small letters saami@123 means its also logging in but it was not correct. please correct in my code pls

if (textBox9.Text != "" && textBox10.Text != "")
{
string connectionString;
MySqlConnection cnn;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
string id = textBox9.Text;
string password = textBox10.Text;
textBox9.Text = "";
textBox10.Text = "";
string query = "select count(*) from login where userid=@userid and password=@Lee ";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
cmd.Parameters.AddWithValue("@Lee ", password);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
int result = Convert.ToInt32(cmd.ExecuteScalar());
var results = cmd.ExecuteReader();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes && result > 0)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else
{
MessageBox.Show("Login Failed");
}
}
}
else
{
MessageBox.Show("Please Enter Correct Login details");
}

Windows Forms
Windows Forms
A set of .NET Framework managed libraries for developing graphical user interfaces.
1,863 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,483 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Viorel 113.8K Reputation points
    2022-03-26T10:06:26.003+00:00

    In case of SQL Server:

    string query = "select count(*) from login where userid=@userid and password=@Lee collate Latin1_General_CS_AS";

    1 person found this answer helpful.
    0 comments No comments

  2. AgaveJoe 26,671 Reputation points
    2022-03-26T10:33:50.207+00:00

    If this is a web application, MessageBox.Show() only shows on the server. It seems to work in development because your development machine is both the client and the server.

    0 comments No comments

  3. Karen Payne MVP 35,286 Reputation points
    2022-03-26T14:35:32.17+00:00

    See BINARY operator.

    The BINARY operator converts the expression to a binary string (a string that has the binary character set and binary collation). A common use for BINARY is to force a character string comparison to be done byte by byte using numeric byte values rather than character by character.

    0 comments No comments

  4. Rijwan Ansari 746 Reputation points MVP
    2022-03-26T15:00:25.083+00:00

    Hi @Mohamed Rafi N

    Your code seems okay.

    However, Please check collation in database.

    Comparisons are case-insensitive if the column uses a collation which ends with _ci (such as the default latin1_general_ci collation) and they are case-sensitive when the column uses a collation which ends with _cs or _bin (such as the utf8_unicode_cs and utf8_bin collations).
    By Default, they are case-sensitive. To check, you can use below query.

    mysql> SELECT table_schema, table_name, table_collation   
           FROM information_schema.tables WHERE table_name = `mytable`;  
    

    Additionally, you can update collation as shown below:

    -- Change database collation  
    ALTER DATABASE `databasename` DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;  
      
    -- or change table collation  
    ALTER TABLE `table` CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin;  
      
    -- or change column collation  
    ALTER TABLE `table` CHANGE `Value`   
        `Value` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin;  
    
    0 comments No comments

  5. Bruce (SqlWork.com) 59,051 Reputation points
    2022-03-26T15:21:02.62+00:00

    You really should not be storing the actual passwords. This is a big security risk and would fail any security audit. You should be storing a one way hash of the passwords.

    0 comments No comments