登录页面capslock错误不区分大小写 [英] Login page capslock error case insensitive
问题描述
您好..
我在asp.net c#中有一个登录页面,其中包含两个文本区域
用户名:
密码:
在我的数据库中,我将用户名和密码分别保存为
admin和admin小写.. < br $> b $ b
当我在文本字段中输入用户名admin和密码作为admin ...
成功登录
但我尝试输入
用户名为ADMIN
和
密码为管理员
在Capslock ie
它仍然成功登录...
我希望在文本字段中输入的案例应该与存储在数据库中的用户名和密码的案例相匹配
如何创建用户名和密码作为案例敏感..
我尝试过:
我的登录。 aspx.cs页面包含以下代码
受保护 void Loginbtn_Click( object sender,EventArgs e)
{
con.Open();
SqlCommand cmd = new SqlCommand( SELECT COUNT(*)FROM NEWADMIN WHERE admin_username =' + username.Text + ' AND admin_password =' + Password.Text + ',con);
int a = Convert.ToInt32(cmd.ExecuteScalar());
SqlCommand cmd1 = new SqlCommand( SELECT admin_id FROM NEWADMIN WHERE admin_username =' + username.Text + ',con);
会话[ admin_id] = cmd1.ExecuteScalar();
if (a > = 1 )
{
Response.Redirect( Homepage.aspx );
}
con.Close();
}
那里你可以做几件事。
1.按照@RyanDev的指导,使用区分大小写整理来比较字符串。
SqlCommand cmd = new SqlCommand( SELECT COUNT(*)FROM NEWADMIN WHERE admin_username COLLATE Latin1_General_CS_AS =' + username.Text + 'AND admin_password COLLATE Latin1_General_CS_AS =' + Password.Text + ',con);
如何在WHERE子句中进行区分大小写的搜索(我使用的是SQL Server)? - 堆栈溢出 [ ^ ]
一旦你获得#1工作,你的编码精神就会提升,并开始探索以下内容。
2.更改表格更改列的整理
SQL SERVER - 整理 - 区分大小写的SQL查询搜索 - 旅程使用Pinal Dave的SQL权限 [ ^ ]
3.在代码中使用参数化查询以最小化SQL注入可能性
如何:执行参数化查询 [ ^ ]
4.尊重用户数据。按照@hdnjith的建议,加密/哈希密码
Salted Password Hashing - 正确行事 [ ^ ]
很可能您可能需要更改保存用户名/密码的方式。
你有没有使用任何密码加密方法?如果没有尝试下面,
在表中创建一个列来存储密码并将其数据类型设置为varbinary(500)
如果您使用存储过程保存数据,可以通过加密来保存密码,如下所示,
< span class =code-keyword> DECLARE @ Plaintext nvarchar ( 500 )
SET @ Plaintext = @ in_Password
set @ Plaintext = HashBytes(' MD5', @ Plaintext )
@in_Password是您提供的密码字段。并将其插入
INSERT INTO 用户
(密码)
VALUES
( @Plaintext )
或
INSERT INTO 用户
(密码)
VALUES
(HashBytes(' MD5', @ in_Password )
用户登录事件比较密码为
SELECT * FROM 用户
WHERE UserName = @ UserName
AND password = HashBytes(' MD5', @ password )
Hello..
I have a login page in asp.net c# which contains two textfields
Username :
Password :
In my database, i have stored username and password as
admin and admin respectively in lowercase..
When i enter the username as admin and password as admin in the textfields...
It successfully logs in
However i tried entering
Username as ADMIN
And
Password as ADMIN
In Capslock i.e.
It still successfully logged in...
I want that the case entered in the textfields should match with that of the username and password stored in Database
How do i make username and password as case sensitive..
What I have tried:
My Login.aspx.cs page has the following code
protected void Loginbtn_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM NEWADMIN WHERE admin_username='" + username.Text + "' AND admin_password='" + Password.Text + "'", con);
int a = Convert.ToInt32(cmd.ExecuteScalar());
SqlCommand cmd1 = new SqlCommand("SELECT admin_id FROM NEWADMIN WHERE admin_username='" + username.Text + "'", con);
Session["admin_id"] = cmd1.ExecuteScalar();
if (a >= 1)
{
Response.Redirect("Homepage.aspx");
}
con.Close();
}
There are several things you can do.
1. Follow the guidance from @RyanDev, use Case Sensitive collation to compare the string.
SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM NEWADMIN WHERE admin_username COLLATE Latin1_General_CS_AS='" + username.Text + "' AND admin_password COLLATE Latin1_General_CS_AS='" + Password.Text + "'", con);
How to do a case sensitive search in WHERE clause (I'm using SQL Server)? - Stack Overflow[^]
Once you got #1 to work, your coding spirit will rise, and start to explore the following.
2. Alter the table change the collation of the column(s)
SQL SERVER - Collate - Case Sensitive SQL Query Search - Journey to SQL Authority with Pinal Dave[^]
3. Use Parameterized Query in the code to minimize SQL injection possibility
How to: Execute a Parameterized Query[^]
4. Respect the user data. Follow the suggestion from @hdnjith, encrypt/hash the password
Salted Password Hashing - Doing it Right[^]
Most probably you may have to change the way that you saving your username/password.
have you use any password encryption method? if no try below,
create a column in your table to store password and set its data type to varbinary(500)
if you are using stored procedure to save your data you can save password by encrypting like below,
DECLARE @Plaintext nvarchar(500) SET @Plaintext = @in_Password set @Plaintext = HashBytes('MD5', @Plaintext)
@in_Password is the password field that you provide. and insert it as
INSERT INTO Users (Password) VALUES (@Plaintext)
OR
INSERT INTO Users (Password) VALUES (HashBytes('MD5', @in_Password)
in user login event compare password as
SELECT * FROM User WHERE UserName=@UserName AND password=HashBytes('MD5', @password)
这篇关于登录页面capslock错误不区分大小写的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
