Password verification from VB6 to a SQL table

[Viguela]

I have a form where user need to input "EmployeeID" and "Password". At submit button click EmployeeID and Password need to be verify if they are correct on a SQL table.
I need HELP! ASAP!. Thanks.

 

[chiph]

You need to run a SELECT statement against the employee table with the ID and password they entered as parameters. Something like:
[tt]
"SELECT COUNT(*) as Valid FROM tblEmployee " & _
"WHERE ID = " & lEmpID & " AND " & _
"PASSWORD = '" & sPassword & "' "
[/tt]
The result of this will be a recordset with one column named Valid. If Valid contains a 0, then either the ID or password was incorrect and they need to try again. If Valid is 1, then what they entered was correct. If Valid > 1, then you've got a duplicate record in the database (oops!).

One advantage of using the COUNT function this way is that the real password (stored in the database) is never transmitted across the network, keeping it a little more secure.

Chip H.

 

[GSCVirus]

First of all, excuse me my bad english
you can execute
"SELECT Login FROM User WHERE Login = '" & sLogin &
"' AND Passwd = '" & sPasswd & "'"

but I always prefer to encrypt the password first, and save the encrypted password in the database, so when somebody wants to log on your system, the application sent the login and the password but encrypted.

Gonzalo S, from BOLIVIA

 

[chiph]

Thanks for the post Gonzalo.

Yes, having the ASP page (or whatever) encrypt the password first is a good idea. It depends on how much security Viguela needs in the application.

Chip H.