locked
If statement to compare to text values (this should be easier I'm sure!) RRS feed

  • Question

  • User1234091709 posted

    Hey all,

    I'm sure this should be a really easy thing to do, but I am just not getting the results I would expect.

    Consider a basic log in process where a user enters a password and from their username I load the saved password from an SQL database.  To compare the two I should be able to simple do a If statement can't I?  If one equals the other, password is correct, if it doesn't then the user isn't logged in.  The problem is, I have confirmed that the values I am comparing pretty much make no difference, the user is processes as being logged on.  Its really simple code:

    info:

    myReader("password") is the password extracted from the SQL database

    login_password.Text is the value in the form of the users entered password

    I have added the .ToString.ToLower only to try everything to simply the comparison.  It doesn't work without them either.  I have also tried using a StrComp function comparison as well however I get the same results.  I can see the values are the same when I added them to some screen output.  Oddly, when I use watch variables, the values appear as "value1" in one case, and "value2 in the other (missing the trailing ").  However these " are never displayed in any output so I am not sure if that is a qwerk in Studio Web 2013 Express.

    Here is the If statement

    If myReader("password").ToString.ToLower = login_password.Text.ToString.ToLower Then
                    Session("Username") = myReader("email").ToString.ToLower & " " & myReader("password").ToString.ToLower & " " & login_password.Text.ToString.ToLower
                    Session("LoggedIn") = 1
          Else
                    Session("Username") = "Wrong password"
                    Session("LoggedIn") = 0
    End If

    _________________________________

    Even if I use the wrong password the If gets processed as a successful comparison, not the else and I end up with:

    Logged Username: emailaddress password bpassword

    and the Session loggedin variable is set to 1.

    I'll be honest, if I had any hair left I'd be pulling it out in chuncks at the moment.

    Thanks for any help in advance.

    Cheers

    Guy

    Wednesday, October 30, 2013 2:08 AM

Answers

  • User1234091709 posted

    Thanks, in working though your suggestions I ended up trying this, which I think is working

    If myReader("password").ToString.TrimEnd(" ") = login_password.Text Then


    I'm sure I had already tried that and it didn't work but now it seems too, man I hate computers sometimes lol

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, October 30, 2013 3:18 AM

All replies

  • User1508394307 posted

    Guy,

    few thoughts

    - comment that code out and put this instead

    Response.Write("db pass=" & myReader("password").ToString())
    Response.Write("entered pass=" & login_password.Text)
    Response.End 

    This should help you to see the values.

    - it seems that the problem is not in the IF statement but somewhere else. If you cannot find the issue, please, share the entire method

    - best practice is to compare password in the database

    instead of doing 

    select password from mytable where email=@email

    use

    select id from mytable where email=@email and password=@password

    then in the code check, if sql returned 1 record - success - if not - failure.

    Hope this helps.

    Wednesday, October 30, 2013 2:46 AM
  • User1234091709 posted

    Thanks, in working though your suggestions I ended up trying this, which I think is working

    If myReader("password").ToString.TrimEnd(" ") = login_password.Text Then


    I'm sure I had already tried that and it didn't work but now it seems too, man I hate computers sometimes lol

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, October 30, 2013 3:18 AM