login page [Archive] - CodeGuru Forums

Click to See Complete Forum and Search --> : login page

cgpeng

December 20th, 2002, 01:29 PM

I can use this login page to log in to another page(MainFrame) successfully but got some problems. When i try to enter the username (which is not match the uppercase and lowercase with the data in database), i still can successfully log in. Why? Actually the username should be case sensitive. Can somebody help me? thanks.

==============================================

void jButton1_actionPerformed(ActionEvent e) {
String userid = jTextField1.getText(); //username
char[] passwd = jPasswordField1.getPassword(); //password
System.out.println( "User ID is : " + userid);

try
{
connection = getDBConnection();
String query = "SELECT * FROM UserInfo WHERE UserID= '"+ userid +"' AND Password= '"+ passwd +"'";
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery( query );
//displayResultSet ( resultSet );
resultSet.next();
String dbUserID = resultSet.getString("UserID");

if (dbUserID != null)
{
String dbUserPasswd = resultSet.getString("Password");
System.out.println("dbUserID: " + dbUserID);
System.out.println("dbUserPasswd: " + dbUserPasswd);
this.hide();
new MainFrameClass(); //to new page

}

else
{
System.out.println("dbUserID is null");
}
statement.close();
connection.close();
}
catch(SQLException sqlex)
{
System.out.println("DB Connection failed: " + sqlex);
//throw new SQLException("DB Connection failed");

}

dlorde

December 20th, 2002, 05:54 PM

This looks like a SQL question. If it's MS SQL Server, try Case-sensitive comparisons (http://www.microsoft.com/sql/techinfo/tips/administration/casesensitive.asp) and SQL Server Magazine (http://www.sqlmag.com/forums/messageview.cfm?catid=6&threadid=7824). Otherwise try SQL Guru (http://www.4guysfromrolla.com/ASPscripts/PrintPage.asp?REF=/webtech/sqlguru/q022400-1.shtml).

cgpeng

December 20th, 2002, 09:28 PM

thanks for the reply. actually the database i'm using is Microsoft Access not SQL server, therefore i don't really understand what should i do with my sql statement above. please help!

dlorde

December 21st, 2002, 06:03 AM

Ideally, your SQL query needs to do a case-sensitive comparison. MS Access comparisons are case-insensitive by default. I don't know MS Access, so you'll have to check your Access documentation to see if you can change this.

Alternatively, you could compare the password field(s) in the record(s) returned in the ResultSet with the original password using String.compareTo(...). This is case sensitive. If the result of a compare is zero, the strings are a lexicographic match, which is what you want.