hello,

I am designing a web site using ASP.Net over VB , and I need to have user login window, I 've had it from the control and the users specified from the ASP.net configuration but : I wonder if I can bind users from a table containing usernames and passwords in my SQL database connected to my site?

please urgent help is needed

even a website I can have benefit

you want to bind users from database to the Web.config file ?

why not when the login button is pressed perform sql statement "SELECT userid FROM users WHERE username = 'JOE BLOGGS' AND password = '123'"

then if a result is returned they are the correct user ? Theres not much point in binding a user to the config file at runtime.

Yeah the way that you explained it is very difficult to understand. What do you mean binding the table from the database to your site? Just do a simple search and compare passwords. If it is successful, the user can login. Do this with the scalar method then compare the passwords with

string.compare(password, retrievedpassword, False)

If it returns zero, then you have a match, otherwise -1 or 1 will be a failure. Do something like this:

if (String.Compare(strPassword, strScalarRetrievedInfo, False)) = 0 then
'do your success login here
else
'failed login code here
end if

Keep this in mind, if.. end if statements are faster than Select Case statements. However, if.. elseif.. end if statements are SLOWER than Select Case statements.

So if you are only looking for one value like the above code, use if.. end if. If you are looking for different ones, avoid elseif and use select case methods because it is drastically faster when using many of them.

Keep this in mind, if.. end if statements are faster than Select Case statements. However, if.. elseif.. end if statements are SLOWER than Select Case statements.

So if you are only looking for one value like the above code, use if.. end if. If you are looking for different ones, avoid elseif and use select case methods because it is drastically faster when using many of them.

It's faster? Really? Has someone benchmarked this? I'd be willing to bet that the compiler takes a Select Case and turns it into an if-elseif-else chain.

That said, if you're using a database, then you just need to run a select statement like Fungus said and see if you get a result. That way you don't need a case for every user on your site.

I'd be willing to bet that the compiler takes a Select Case and turns it into an if-elseif-else chain.

INFARCTION is correct this is exactly what happens. the syntax required is just considerably less

http://www.blackwasp.co.uk/SpeedTestIfElseSwitch.aspx

Oh, you got told.

The reason why the Select statement is faster is listed in the article. Yes it compiles the same, but a select case can be reordered any way the compiler wishes, while the if.. else statement cannot. This means that it has to go through every if else to find the right one, where it can pull the only case that is correct. Take a look, the time is considerably faster!

and the problem with searching a user the way Fungus has explained is that the user's password is not case sensitive. Do a test. Make the user's pass UserCaseSenseTest and try to get a result with: usercasesensetest

You will get a result, even though the cases are different.

By executing a scalar and retrieving the pass (if there is a user, else this will not execute), you can then compare the strings with case-sensitivity.

As this has turned out to be an interesting learning experience, I may as well point out that the MSIL for the switch and the if-elseif are different. Apparently, switch is directly supported in MSIL.

That said, such a minor optimization is silly to worry about. :P

And for a login system, a database query really is the best easiest way to do it, especially if you already have a DB in place.

*exeunts gracefully*

Yeah, although it is faster, it is really minimal on a moderate level. The only time you would see a difference is when you are doing more loops then you would ever do in real life. I mean, out of 1 billion loops, you would see a 5 second time improvement.

and the problem with searching a user the way Fungus has explained is that the user's password is not case sensitive. Do a test. Make the user's pass UserCaseSenseTest and try to get a result with: usercasesensetest

You will get a result, even though the cases are different.

By executing a scalar and retrieving the pass (if there is a user, else this will not execute), you can then compare the strings with case-sensitivity.

no one would sensibly store a plain text password in a database.
it would have some level of encryption and this would usually deal with the case sensitivity as and encryption would generate different values for upper/lower case.

This article has been dead for over six months. Start a new discussion instead.