We're a community of 1076K IT Pros here for help, advice, solutions, professional growth and fun. Join us!
1,075,716 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Start New Discussion Reply to this Discussion
Ad: IT Workforce Practices Survey
9 Months Ago
0

SQL validation of username and password

How does one validate username and password from sql database? I have used parameters in doing validating my database, but have noticed that username and passwords are being accepted when i type it straight out(EG. username= e001 , password=dave@road) , even though they have characters in capital letters(such as username=E001 , password=Dave@Road).

Here is my coding:

Private Sub btnlogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnlogin.Click
    Try
        If (txtuname.Text = "-") Or (txtuname.Text = "0") Or (txtuname.Text = "") Or (txtpass.Text = "0") Or (txtpass.Text = "-") Or (txtpass.Text = "") Then
            pberror.Visible = True
            pberror2.Visible = True
            MessageBox.Show("Invalid Entry", "ErrorMessageBox", MessageBoxButtons.OK, MessageBoxIcon.Error)
            txtuname.Text = ""
            txtpass.Text = ""
            pberror.Visible = False
            pberror2.Visible = False
            Return
        End If
        empeid = txtuname.Text
        DatasetLogin1.Clear()
        sqldLoginadapter.SelectCommand.Parameters("@eid").Value = txtuname.Text
        sqldLoginadapter.SelectCommand.Parameters("@epass").Value = txtpass.Text
        sqldLoginadapter.Fill(DatasetLogin1, "empdetails")
        If (DatasetLogin1.Tables("empdetails").Rows.Count > 0) Then
            pberror.Visible = False
            pberror2.Visible = False
            pbright.Visible = True
            pbright2.Visible = True
            MessageBox.Show("Login Successfull! Welcome Employee: " & empeid, "MessageBox", MessageBoxButtons.OK, MessageBoxIcon.Information)
            empeid = lblename.Text
            PDL_Main_Menu.NameStrip.Text = empeid
            Me.Hide()
            PDL_Main_Menu.Show()
        Else
            pberror.Visible = True
            pberror2.Visible = True
            MessageBox.Show("Not Registered Employee Details!. Please Try Again", "ErrorMessageBox", MessageBoxButtons.OK, MessageBoxIcon.Error)
            txtuname.Text = ""
            txtpass.Text = ""
            pberror.Visible = False
            pberror2.Visible = False
            Return
        End If
    Catch con As SqlClient.SqlException
        MessageBox.Show("Error in the connection. Please try again later", "ErrorConnection", MessageBoxButtons.OK, MessageBoxIcon.Warning)
    End Try
End Sub

I have connected to my database using sqladapter through the wizard, and set my parameters for username and password .

Is there another simple way that i can do validations of username and password?

Thanks.

3
Contributors
4
Replies
1 Day
Discussion Span
9 Months Ago
Last Updated
6
Views
darthswift00
Junior Poster in Training
53 posts since Mar 2012
Reputation Points: 10
Solved Threads: 0
Skill Endorsements: 0
9 Months Ago
0

I think it is because you are usng a sqladapter and then checking for tables - you are getting a table back but does it actually contain data? Or is it empty?

I would use a SqlCommand object and run executescalar on it. Something like:

dim sSQL as string ="SELECT COUNT(UserID) FROM tblUsers WHERE (Userid = @id) AND (Password =@epass)"
dim cmd as new SQLCommand
dim UserCount as integer

with cmd
 .connection = MySqlConnectionObject
 .CommandType = Commandtype.Text
 .Text = sSQL
 .Parameters.AddWithValue("@id",txtUname.text)
 .Parameters.AddWithValue("@epass",txtPass.text)
 end with

 UserCount = cmd.ExecuteScalar

 If UserCount > 0 then
    'valid
else
    'invalid
End if

That way when you run executescalar on the command object you will get a zero back if it is not valid and a one back if it is - if you get a number larger than one your records have been duplicated...

G_Waddell
Practically a Master Poster
618 posts since Nov 2009
Reputation Points: 107
Solved Threads: 92
Skill Endorsements: 5
9 Months Ago
0

Hi thanks for the reply. There is data stored on my database, as it does pick up any of my username and passwords from there. If i type a random username and password thats not on my database, it doesnt pick it up.

My problem is that why doesnt it validate the exact username and password that contains capital letters instead of just reading the characters as is? eg: username = E001 and password is Tom@Danny.(It should validate that when user types his/her username and password , it must be exactly as it's stored in database)not validate it as such: username e001 password=tom@danny.

How to resolve this?

Thanks for your reply ill try this coding out. one thing i want to know, must i delete my sqladapter that i made using wizard when im using your coding? As i have parameters set there already or can i just modifie the sqladapter coding with your select statement?

darthswift00
Junior Poster in Training
53 posts since Mar 2012
Reputation Points: 10
Solved Threads: 0
Skill Endorsements: 0
9 Months Ago
0

SQL queries are normally case insensitive, however you can force a query to be case sensitive. In the following two queries, the first is case insensitive and the second is case sensitive

select * from myTable where myID = '34WASH'
select * from myTable where myID COLLATE Latin1_General_CS_AS = '34WASH'

If you want to set one or more columns to be case sensitive by default you can do

ALTER TABLE mytable 
    ALTER COLUMN mycolumn VARCHAR(50) 
    COLLATE Latin1_General_CS_AS 
GO

Change the table, column names and sizes as appropriate.

Reverend Jim
Carpe per diem
Moderator
3,590 posts since Aug 2010
Reputation Points: 561
Solved Threads: 445
Skill Endorsements: 32
9 Months Ago
0

I have a problem , as my employees id have a primary key check to them. Can i alter the table column like so:

Alter table empdetails
alter column empid varchar(10)primary key constraint chkempid Check
(empid Like ('E[0-9][0-9][0-9]'))
collate Latin1_General_CS_AS

My employees id's go as follows: E001 , E002 etc

darthswift00
Junior Poster in Training
53 posts since Mar 2012
Reputation Points: 10
Solved Threads: 0
Skill Endorsements: 0

This article has been dead for over three months: Start a new discussion instead

Post: Markdown Syntax: Formatting Help
 
You
Software Development > VB.NET
 
© 2013 DaniWeb® LLC
Page rendered in 0.0662 seconds using 2.68MB