用户名和密码不区分大小写

时间:2019-04-27 14:05:46

标签: sql database passwords

我知道我不是将密码存储在哈希中,但是对于此数据库而言,这无关紧要。

代码引用一个SQL数据库,该数据库将密码存储为纯文本

代码如下:

/*Checks to see if the username and password matcch the database
         If it does, it lets you in, if not you displays an error message*/
        string user = textBox1.Text.ToString();
        string pass = textBox2.Text;
        MySqlConnection conn = new MySqlConnection(ConnectionString);
        MySqlDataAdapter sda = new MySqlDataAdapter("SELECT COUNT(*) from Employees WHERE UserName = '"+(user)+ "' and Password = '"+(pass)+"' collate Latin1_Genral_CS_AS", conn);
        DataTable dt = new DataTable();
        sda.Fill(dt);
        if(dt.Rows[0][0].ToString() == "1")
        {
            HomeScreen home = new HomeScreen();
            this.Hide();
            home.ShowDialog();
        }
        else
        {
            MessageBox.Show("Incorrect Username or Password", "alter", MessageBoxButtons.OK, MessageBoxIcon.Error );
        }

2 个答案:

答案 0 :(得分:1)

您可以将输入值和表列都转换为lowercaseuppercase

/*Checks to see if the username and password matcch the database
         If it does, it lets you in, if not you displays an error message*/
        string user = textBox1.Text.ToLower();
        string pass = textBox2.Text.ToLower();
        MySqlConnection conn = new MySqlConnection(ConnectionString);
        MySqlDataAdapter sda = new MySqlDataAdapter("SELECT COUNT(*) from Employees WHERE LOWER(UserName) = '"+(user)+ "' and LOWER(Password) = '"+(pass)+"' collate Latin1_Genral_CS_AS", conn);
        DataTable dt = new DataTable();
        sda.Fill(dt);
        if(dt.Rows[0][0].ToString() == "1")
        {
            HomeScreen home = new HomeScreen();
            this.Hide();
            home.ShowDialog();
        }
        else
        {
            MessageBox.Show("Incorrect Username or Password", "alter", MessageBoxButtons.OK, MessageBoxIcon.Error );
        }

答案 1 :(得分:0)

您可以alter database使用您想要的collation

ALTER DATABASE DBNAME CHARACTER SET utf8 COLLATE utf8_general_ci;

但是,这仅适用于新表。您可以altertable column使用您偏好的collation

ALTER TABLE table_name MODIFY column_name column_datatype COLLATE utf8_bin;
相关问题
最新问题