String comparison
-
In stored procedure i used a query "select Password from tblUser where username='User1' and password='Password' the reselt is 'Password' But at the backend the value of Password is 'password' (that is small letters. Since password validation needs case sensitive validation how am i supposed to used string comparator. Else is there any other option
ItsMe
-
In stored procedure i used a query "select Password from tblUser where username='User1' and password='Password' the reselt is 'Password' But at the backend the value of Password is 'password' (that is small letters. Since password validation needs case sensitive validation how am i supposed to used string comparator. Else is there any other option
ItsMe
-
If you are using SQL 2005, you can use HashBytes function to calculate a hashing value of password then compare two hashing values. If you use SQL 2000, you can use BINARY_CHECKSUM function instead of.
I am using SQL 2000. i this function is quite complicated one. I just wanted to return true by comparing the below string string1='User1' string2='User1' string3='user1' (here the character 'u' is small) true when string1 and string2 are compared false when string 3 is compared with either string1 or string2
ItsMe
-
In stored procedure i used a query "select Password from tblUser where username='User1' and password='Password' the reselt is 'Password' But at the backend the value of Password is 'password' (that is small letters. Since password validation needs case sensitive validation how am i supposed to used string comparator. Else is there any other option
ItsMe
select Password from tblUser where username='User1' and cast(password as binary)=cast('Password' as binary)Run this little test in the SQL Query Analyzer:declare @cTest1 varchar(10)
declare @cTest2 varchar(10)select @cTest1 = 'test'
select @cTest2 = 'Test'if (@cTest1 = @cTest2)
print 'They are equal as varchar'
else
print 'They are NOT equal as varchar'if (cast(@cTest1 as binary) = cast(@cTest2 as binary))
print 'They are equal as binary'
else
print 'They are NOT equal as binary'--EricDV Sig--------- Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them. - Laurence J. Peters
-
In stored procedure i used a query "select Password from tblUser where username='User1' and password='Password' the reselt is 'Password' But at the backend the value of Password is 'password' (that is small letters. Since password validation needs case sensitive validation how am i supposed to used string comparator. Else is there any other option
ItsMe
Your biggest problem is that you are storing plaintext passwords in a dababase table. Any hacker who compromises a single user login will have access to every username and password in the system...