Question: What is the problem in my code? For log in.

KenQui (Member; joined May 11, 2022; messages: 12; programming experience: Beginner)
The thing is, I'm creating a login in MS Visual Studio 2010 with an MS Access database, using the VB.NET language.
Also, the username is Admin and the password is admin in the database.
The problem is that when I log in and input a username and password like this, admin for the username and admin for the password, it will log in; even when the first letter is a big letter it will log in.
How do I fix this?

I just want the login to match what is in the database, so that even if I input a big letter or small letter as the first letter of a word, if that is not the correct one in the database it will not log in.

Here's my code below.

VB.NET:
Imports System.Data.OleDb
Imports System.Data
Public Class AdminLogin

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        Dim con As New System.Data.OleDb.OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source = " & Application.StartupPath & "\UALogin.accdb;")


        If TextBox1.Text = Nothing Or TextBox2.Text = Nothing Then
            MsgBox("Enter Credentials ", MsgBoxStyle.Exclamation)
        Else
            If con.State = ConnectionState.Closed Then
                con.Open()
            End If
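            ' OleDb parameters are positional: they bind to the ? placeholders in the order they are added.
            Dim cmd As OleDbCommand = New OleDbCommand("SELECT count(*) FROM db_admin WHERE Username =? and Password=?", con)
            ' Parameters.Add takes the name and the type; AddWithValue would have taken the OleDbType as the value.
            cmd.Parameters.Add("@1", OleDbType.VarChar).Value = TextBox1.Text
            cmd.Parameters.Add("@2", OleDbType.VarChar).Value = TextBox2.Text
            Dim count = Convert.ToInt32(cmd.ExecuteScalar())
            ' Release the connection once the result has been read.
            con.Close()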

            If (count > 0) Then
                MsgBox("Login succeed", MsgBoxStyle.Information)
                AdminMenu.Show()
            Else
                MsgBox("Account not found check credentials", MsgBoxStyle.Critical)
            End If
        End If
    End Sub
End Class

jmcilhinney (VB.NET Forum Moderator, staff member; joined Aug 17, 2004; messages: 14,744; location: Sydney, Australia; programming experience: 10+)
In a real application, you wouldn't store passwords in plain text so this would not be a problem. When a user registers, you should hash their password and save the result. When the user logs in, you hash their password and compare the result to the stored value. If they enter the password using the wrong case then it will generate a different hash and so will not match.

If this is just a test/learning project then you may not want to go that far. In that case, you need to find out what option your flavour of SQL provides to perform a case-insensitive comparison. I didn't know that myself so I did a web search for "case sensitive comparison in access" and I learned that the StrComp function can perform case-sensitive or -insensitive comparisons. You could do this:
SQL:
SELECT COUNT(*) FROM db_admin WHERE Username = ? AND StrComp([Password], ?, 0) = 0
See here for how this function works.

Note that I have escaped the Password column name. I'm surprised that you haven't had to because that is a reserved word in Jet/ACE SQL.
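
The hash-at-registration, hash-at-login scheme described in the post above, as an added example that is not part of the original thread: it uses salted PBKDF2 (`Rfc2898DeriveBytes`) rather than a bare hash and compares the results in fixed time. The `PasswordHasher` module and the idea of storing the salt and hash as Base64 text columns are assumptions made for illustration.

```vbnet
Imports System.Security.Cryptography

' Added example (not from the thread). Assumes the user's row stores a salt and
' a hash as Base64 text instead of a plain-text password; the module name and
' that storage layout are hypothetical.
Public Module PasswordHasher

    Private Const SaltSize As Integer = 16        ' bytes of random salt per user
    Private Const HashSize As Integer = 20        ' bytes; matches the HMAC-SHA1 output size
    Private Const Iterations As Integer = 100000  ' PBKDF2 work factor (assumed value; tune for your hardware)

    ' Call once at registration; save both returned strings in the user's row.
    Public Sub CreateHash(ByVal password As String, ByRef saltB64 As String, ByRef hashB64 As String)
        Dim salt(SaltSize - 1) As Byte
        RandomNumberGenerator.Create().GetBytes(salt)
        saltB64 = Convert.ToBase64String(salt)
        hashB64 = Convert.ToBase64String(Derive(password, salt))
    End Sub

    ' Call at login with the salt and hash read back for the entered username.
    Public Function Verify(ByVal password As String, ByVal saltB64 As String, ByVal hashB64 As String) As Boolean
        Dim expected As Byte() = Convert.FromBase64String(hashB64)
        Dim actual As Byte() = Derive(password, Convert.FromBase64String(saltB64))
        Return FixedTimeEquals(expected, actual)
    End Function

    Private Function Derive(ByVal password As String, ByVal salt As Byte()) As Byte()
        ' This constructor uses PBKDF2 with HMAC-SHA1 and exists on .NET Framework 4.0.
        Dim kdf As New Rfc2898DeriveBytes(password, salt, Iterations)
        Return kdf.GetBytes(HashSize)
    End Function

    ' Compares every byte so timing does not reveal where the first mismatch is.
    Private Function FixedTimeEquals(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

End Module
```

With this layout the login query selects the salt and hash by username only, and `Verify` decides the result; "Admin" and "admin" derive different hashes, so the wrong case is rejected.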
 

KenQui (Member; joined May 11, 2022; messages: 12; programming experience: Beginner)
Sorry about that, I'm a beginner in programming and I have so much to learn.
By the way, there is an error here.
[Attached image: 1652485097677.png]
 

chrisjlocke1 (Member; joined Apr 12, 2022; messages: 18; programming experience: 10+)
> By the way, there is an error here.

Can you move the error box, or re-enter the line that begins "dim cmd as ..." as it's hidden, and different from the line you originally posted. Does that line contain the 'con' object?
 