6

I am using criteria api to check If the user name exists or not. After that I am checking the password. But the user name is not case sensitive. I want to make it case sensitive.

Criteria criteria2 = session.createCriteria(UserMaster.class);
criteria2.add(Restrictions.eq("userName", userName));
userDetails = (UserMaster)criteria2.uniqueResult();
if(userDetails != null) {
      //logic goes here
 }

Any help will be appreciated.

Sunil Kumar Naik
  • 923
  • 3
  • 8
  • 14
  • 3
    This might depend on the database you are using, or the settings of the database. For example, as far as I know MS SQL Server by default does case-insensitive string comparisons, and Oracle does case sensitive. – Jesper May 19 '15 at 09:54
  • @Jesper I think you should make that an answer. – Jens Schauder May 19 '15 at 09:56
  • The following changes has been done in the database side but still it is not working. ALTER TABLE USER_MASTER CHANGE PASSWORD PASSWORD VARCHAR(255) BINARY; – Sunil Kumar Naik May 19 '15 at 09:58
  • I would not expect that to work. What brand / version is your database? Look in the docs of your database to see how to change this setting. – Jesper May 19 '15 at 10:36

3 Answers3

3

How strings are compared, depends on the brand and version of the database and the settings of the database. Some databases, for example Microsoft SQL Server, compare strings in a case-insensitive way by default, while others compare strings in a case-sensitive way.

Check the settings of your database; lookup the documentation of your particular brand and version of database to find out how to change this setting.

If it is indeed MS SQL Server, then look for example at this question: Sql Server check case sensitivity?

Community
  • 1
  • 1
Jesper
  • 202,709
  • 46
  • 318
  • 350
0

I can say a simple solution. But its not a straight way. Encrypt your username using MD5 and save it to database. When comparing the username, you must encrypt the given username with MD5 and compare it with the username saved in the database. But i am not recommending this solution, anyway you can use this also. :)

JESTIN6699
  • 49
  • 4
0

I did with the native sql as follows

Query query = session.createSQLQuery("select * from USER_MASTER where binary USER_NAME='"+userName+"'").addEntity(UserMaster.class);
userDetails = (UserMaster)query.uniqueResult();
if(userDetails != null) {
  //code goes here
}
Sunil Kumar Naik
  • 923
  • 3
  • 8
  • 14
  • Be careful with directly putting a username in an SQL statement, this can make your program vulnerable to [SQL injection](http://en.wikipedia.org/wiki/SQL_injection). Someday [Bobby Tables](https://xkcd.com/327/) will create an account on your system... – Jesper May 20 '15 at 08:09