|
|
i want to ask, i am using sql server 7 and i want my login to be case insensitive?
pls. help me with the script for this.
thanks
|
|
|
|
I`m going to assume that you have a webpage with a form that submits to an ASP page, and in that ASP page, you want to build a SQL query. Unfortunately, additional line breaks may be inserted when pasting the code in the forum.
`First get the variables from the Form.
strUname = Request.Form("Username")
strPword = Request.Form("Password")
`Now build the SQL query.
sql = "select * from account" & _
" where UPPER(uname) = `" & UCase(Replace(strUname,"`","``")) & "`" & _
" and UPPER(pword) = `" & UCase(Replace(strPword,"`","``")) & "`"
Notice the Replace() command! This is very important! You must replace single ticks with 2 single ticks. If you do not do this, it is VERY easy for anyone to enter a username and password that will "authenticate". For example, if a user enters:
Username: hacker
Pssword: ` or `A` = `A
If you do not do the replace, you would end up with a query like this:
select * from account
where UPPER(uname) = `hacker`
and UPPER(pword) = `` or `A` = `A`
This query would return all account records!
|
|
|
|
|
|
|
|
|
// |
Archive Import (diego) 
Troy Wolf
