|
-
January 16th, 2011, 04:36 PM
#1
Problem with string
hi, i m trying to make something like a login page and i used the following code to compare the Users password from a password text box and then compare it with the Database password to see if it is the same. nevertheless when i compare the strings the system doesnt accept them as the same and i cant login.(i also tried the String.Compare but i get the same resuly). Any help please?
Code:
String username = txtusername.Text;
String password = txtpass.Text;
String connStr = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
SqlConnection conn = new SqlConnection(connStr);
SqlCommand cmd = new SqlCommand();
cmd.Connection = conn;
cmd.CommandText = "select password from Details WHERE username='" + username + "';";
Console.WriteLine(cmd.CommandText);
conn.Open();
String pass = cmd.ExecuteScalar().ToString();
conn.Close();
Label2.Text = pass;
Label3.Text = password;
if (pass==password)
{
Response.Redirect("logedin.aspx");
}
-
January 16th, 2011, 06:47 PM
#2
Re: Problem with string
Holy SQL injection Batman! Little Bobby Tables' Mother would like to have a word with you.
...Anyway, show us some sample input. Are the two strings the same case throughout (guessing no)?
-
January 16th, 2011, 07:00 PM
#3
Re: Problem with string
I am in agreement with Ed ...
It has occurred to me that the programmer's Best Friend Forever is or should be the debugger, not CodeGuru.
What has the debugger told you about the strings ?
Are they identical except for a leading or trailing space ?
Are they identical except for case ?
Are they completely different, and if so, which is the unexpected string ?
Is string 'pass' a null or empty string ?
All of this and more, much more, is available to you via the debugger. Get to know and love your BFF.
Last edited by ThermoSight; January 16th, 2011 at 11:46 PM.
-
January 17th, 2011, 05:18 AM
#4
Re: Problem with string
i insert 2 labels to check their values. Label2.Text and Label3.Text have exactly the same value when i click the login button!. label2 take the pass from the database and label3 from the password textbox.
-
January 17th, 2011, 02:25 PM
#5
Re: Problem with string
Well, pikkas, I have to admit that I am surprised.
You say that the strings are identical but you seem to be saying that the IF statement fails. I can't imagine why that might happen. The "==" predicate should work as well as the .Equals() method and the Compare(s1, s2) method. Indeed, I tested all three here on my machine and they all worked as expected.
I wonder if it's possible that one of the strings has a leading or trailing space ... if one of them did have a space, would you be able to tell by viewing each string on a label ? I wouldn't.
If I were you, I would re-write the IF statement as
"if (pass.trim() == password.trim())"
or just set a breakpoint right at the if statement. The debugger would show the two strings in quotes, making any leading or trailing spaces obvious.
Last edited by ThermoSight; January 17th, 2011 at 02:30 PM.
-
January 17th, 2011, 04:36 PM
#6
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
Originally Posted by BigEd781
