Case Sensitive SQL Query

Results 1 to 3 of 3

Thread: Case Sensitive SQL Query

  1. #1
    Join Date
    Dec 1969

    Default Case Sensitive SQL Query

    in order to retrieve password<BR>select password from login where password = & password<BR><BR>how to create Case Sensitive SQL Query <BR>thx

  2. #2
    Join Date
    Dec 1969

    Default Can't do it in the query...

    *IF* you are using SQL Server, then I think you can set case sensitivity on a per table or even per column basis.<BR><BR>But if you are using Access, you can&#039;t.<BR><BR>What you *can* is this:<BR><BR>&#060;%<BR>SQL = "SELECT [user],[password] FROM login WHERE [user]=&#039;" & username & "&#039; AND [password]=&#039;" & pw & "&#039;"<BR>Set RS = conn.Execute( SQL )<BR><BR>badUser = False &#039; assume user name and password are okay...<BR>If RS.EOF Then<BR>&nbsp; &nbsp; badUser = true<BR>Else<BR>&nbsp; &nbsp; If RS("user") &#060;&#062; username OR RS("password") &#060;&#062; pw Then badUser = True<BR>End If<BR><BR>If badUser Then<BR>&nbsp; &nbsp; Response.Write "That username and/or password is invalid. Try again."<BR>&nbsp; &nbsp; Response.End<BR>End If<BR><BR>%&#062;<BR><BR>Note that I do *NOT* tell them whether it was the username or the password that was wrong. It&#039;s a bad idea to let a hacker know that the username he guessed was okay. Now all he has to do is try various passwords to try to break in.<BR><BR>If he doesn&#039;t know whether it was the username or the password that was bad, it&#039;s harder to hack in.<BR><BR>

  3. #3
    Join Date
    Dec 1969

    Default Can do it in the query...

    if you use SQL Server:<BR><BR>SELECT UsernName, [password] FROM UserTable<BR>WHERE Convert(Varbinary,[password]) = Convert(Varbinary,@password) and username = @username<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts