Password case sensitive

[maddyrafi]

Sir, I save my password in database is SAAmi@123 but if even enter in small letters saami@123 means its also logging in but it was not correct. please correct in my code pls

if (textBox9.Text != "" && textBox10.Text != "")
{
string connectionString;
MySqlConnection cnn;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
string id = textBox9.Text;
string password = textBox10.Text;
textBox9.Text = "";
textBox10.Text = "";
string query = "select count(*) from login where userid=@userid and password=@password";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
cmd.Parameters.AddWithValue("@password", password);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
int result = Convert.ToInt32(cmd.ExecuteScalar());
var results = cmd.ExecuteReader();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes && result > 0)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else
{
MessageBox.Show("Login Failed");
}
}
}
else
{
MessageBox.Show("Please Enter Correct Login details");
}

 

[jmcilhinney]

Text comparison in a database is generally case-insensitive by default. You shouldn't be doing a straight text comparison for a password though. You should be hashing the password and preferably salting it too, then storing the result in the database. When the user logs in, you salt and hash their password and compare the result to what's stored. Any difference in input casing will result in a different hash value and no match. There's plenty of info on the subject out there.