我想检查用户名和密码的大小写敏感性，同时检查它们是否存在于数据库中？ [英] I WANT check case sensitivity for my username and password while checking whether they exist in database or not?

问题描述

如果用户名是Sai和SAi，则接受..对于两个用户名都视为相同

如果密码为SAI1 @
/>
sai1 @

它的处理方式相同



我的尝试：

its accepting if username is Sai and SAi ..its treating as same for both username
the same scenario is happening with password
if password is SAI1@
sai1@
its treating as same

What I have tried:

SqlCommand cmd = new SqlCommand("SELECT * FROM VEL_EXISTING_USERDTLS  WHERE USER_NAME = '" + textBox1.Text + "' AND PASSWORD = '" + textBox2.Text + " '", con);

                   cmd.Parameters.AddWithValue("@USER_NAME", textBox1.Text);
                   cmd.Parameters.AddWithValue("@PASSWORD", textBox2.Text);
                   SqlDataReader dr = cmd.ExecuteReader();
                   if (dr.Read())
                   {
                       this.Hide();
                       Form4 f = new Form4();
                       f.Show();
                   }
                   else
                   {
                       MessageBox.Show("invalid login");
                   }
               }
               else
               {
                   MessageBox.Show("USERNAME COULD NOT BE EMPTY");
               }

           }

推荐答案

如果您使用的是SQL Server，那么COLLATION可以帮助这方面。

尝试类似的事情 -

If you are using SQL Server then COLLATION can help in this regard.
Try something like-

SqlCommand cmd = new SqlCommand("SELECT * FROM VEL_EXISTING_USERDTLS  WHERE USER_NAME = '" + textBox1.Text + "' COLLATE SQL_Latin1_General_CP1_CS_AS AND PASSWORD = '" + textBox2.Text + "' COLLATE SQL_Latin1_General_CP1_CS_AS", con);

For进一步阅读，检查以下链接 -

整理| Microsoft Docs [ ^ ]



重要提示：

您的查询容易受到SQL注入攻击。知道和预防非常关键。

您可以使用参数化查询或存储过程来避免这种情况。

请查看以下链接以获取更多信息 -

SQL注入攻击和一些提示如何预防他们 [ ^ ]

SQL注入攻击，其示例以及ASP.Net中的预防机制和技术 [ ^ ]



希望，它有帮助：）

For further reading, check following link-
Collations | Microsoft Docs[^]

IMPORTANT:
Your query is vulnerable to SQL Injection. That's very critical to know and prevent.
You can use either parameterised query or stored procedure to avoid that.
Please check following links for more information-
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
SQL Injection Attack, its examples and Prevention mechanisms and Techniques in ASP.Net[^]

Hope, it helps :)

如果存在，为什么要检查数据库中的密码？这不是'KEY'值。如果不是你的数据库中有错误。



如果存在，用户名是唯一可以验证的。我建议你不要同时验证。

Why would you check passwords in database if exist? This is not a 'KEY' value. If it is than you have a mistake in your database.

The username is the only thing you can verify if exist. I would advice you to not verify on both.

 SqlCommand cmd = new SqlCommand(

SELECT * FROM VEL_EXISTING_USERDTLS WHERE USER_NAME ='{textBox1 .Text}'）
SqlDataReader dr = cmd.ExecuteReader（）;

if（dr.HasRows）
{
//正在使用中。
}

"SELECT * FROM VEL_EXISTING_USERDTLS WHERE USER_NAME = '{textBox1.Text}'") SqlDataReader dr = cmd.ExecuteReader(); if(dr.HasRows) { //in use. }

这篇关于我想检查用户名和密码的大小写敏感性，同时检查它们是否存在于数据库中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！