Java - How to implement case-senstive username and password

Question

So I making this login form where the credentials (username and password) are stored in MYSQL. I want the username and password to be case sentive.

AuthDAO.java

public static int checkUserPass(String username, String password){
    int userId = -1;
    try{
        Class.forName("com.mysql.jdbc.Driver");
        cn = DriverManager.getConnection("jdbc:mysql://localhost/b440", "root", "b440");

        String q="SELECT userId FROM user WHERE username='"+username+"' AND password='"+password+"'";

        Statement st = cn.createStatement();
        ResultSet rs = st.executeQuery(q);
        while(rs.next()){
            userId=Integer.parseInt(rs.getString("userId"));
        }
        rs.close();
        st.close();         
    }catch(Exception e){
        System.err.println(e.getMessage());
        e.printStackTrace();
    }
    DB_close();
    if(userId!=-1)
        return userId;
    return -1;
}

LoginServlet.java

else{
    int ID = checkUserPass(username, password, role);
    if(ID!=-1 ){ //User Is Legit!!
        loggedIn = "true";
        HttpSession se = request.getSession();
        se.setAttribute("user", getUserById(ID));
        se.setAttribute("loggedIn", loggedIn);
        url = "/index.jsp";
        msg = "Login Successful!";

        request.setAttribute("loggedIn", loggedIn);
        request.setAttribute("msg", msg);
    }
    else{
        msg = "Invalid Login, please check username or password";
        url = "/login.jsp";
        loggedIn = "false";
        request.setAttribute("loggedIn", loggedIn);
        request.setAttribute("msg", msg);           
    }

Not what you asked - but PLEASE read all about SQL injection attacks. — Dawood ibn Kareem, Oct 04 '15 at 18:23
It means it should differentiate between capital and lower case letters. For eg: if the username and passwords are Flash and faST respectively then it shouldn't accept flash, FLASH or fast, FAST as the login credentials. — Sick Series, Oct 04 '15 at 18:24
For god's sake please change to [prepared statements](http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html) to fill in username and password and use a secure hashing algorihm with [salting](https://en.wikipedia.org/wiki/Salt_%28cryptography%29) to store passwords. — try-catch-finally, Oct 04 '15 at 18:25

Adil Shaikh · Accepted Answer · 2015-10-04T18:29:18.357

2

By default mysql queries are case-insensitive.

though you can use BINARY like this -

SELECT userId FROM user WHERE BINARY username='"+username+"' AND  BINARY password='"+password+"'

Or there are some other ways -

http://dev.mysql.com/doc/refman/5.0/en/case-sensitivity.html

edited Oct 04 '15 at 18:29

answered Oct 04 '15 at 18:23

Adil Shaikh

44,509
17
89
111

Java - How to implement case-senstive username and password

1 Answers1