CODEWITHSUNDEEP
javamysqljdbc
Malwaregeek
Malwaregeek

Reputation: 2274

Case Sensitive where query

I am creating a login form and I want the password to be case sensistive. I wrote the following code. How can I make it case sensitive using the where clause.

PreparedStatement stm = con.prepareStatement(" select * from user where userid =? and   password   =?" );

stm.setString(1, userid);
stm.setString(2, pswd);        
ResultSet rs =stm.executeQuery();
if (!rs.next()) {
    JOptionPane.showMessageDialog(this, "Invalid Id/Password");
}

Upvotes: 2

Views: 1042

Answers (3)

AllTooSir
AllTooSir

Reputation: 49372

Apart from the other better suggestion , one thing you can try is to use the BINARY OPERATOR , which will force MySQL to check for an exact case.

select * from user where userid=?  and BINARY  password=?

IMHO , Martijn's answer is the one you should follow.

Upvotes: 2

Martijn
Martijn

Reputation: 16103

Well, the password should be hashed (at least!) with functions like sha1. Sha1 returns a whole other value for different capitals.

If you have case insensative results, you probally are saving it plain text, which should be altered FIRST THING!

String  - sha1 value
example - c3499c2729730a7f807efb8676a92dcb6f8a3f8f  
Example - 0f01ed56a1e32a05e5ef96e4d779f34784af9a96  
eXample - decb1226835e95f0441ec4ee0ecd9283796a9cfb

You can also change you DB column to utf8_general* instead of utf8_general_ci*, ci means CaseInsentative. But you really dont want to do this way
*Asuming you use utf8

I dont know the functions available in java, but the principles stay the same. I suggest you do some research about how to store passwords using java :)

Upvotes: 4

Sergio
Sergio

Reputation: 6948

Storing password in plain text is a bad idea. Use md5 hashing at least.

Upvotes: 2

Related Questions