Comparing two rows in the same table in SQL Server
<p>I have looked at similar answers, but this is what I am looking for, since I did not find any answers in previously answered questions:</p>
<p>This is my scenario: I have a table <code>[res_user]</code> with <code>username, password, key_pin</code> which saves a username, an encrypted password, and a 4-digit pin or key.</p>
<p>I am making an app in C# that allows a manager to log in and make changes to the database from the app itself.</p>
<p>The manager is first prompted to log in with a username, a password, and the key_pin they are provided with. The pin is what will encrypt and decrypt the password to and from the database.</p>
<p>Now I have a username <code>[manager]</code> and an encrypted password already saved in the database with the <code>key_pin</code>.</p>
<p>How can I make sure that the manager logging in is the right one, meaning how can I compare the username and the encrypted password in the database from the C# app?</p>
<p>These are the steps that I thought of that I will implement in the app itself (using SQL syntax in C#):</p>
<ol>
<li><p>Encrypt the password,</p></li>
<li><p>Get the saved encryption in the database using the login username, and</p></li>
<li><p><strong>Compare</strong> the encryption returning a yes or a no back to the app for access control.</p></li>
</ol>
<p>allowing 5 attempts to log in.</p>
<p>This is the first and second part I did:</p>
<pre><code>try
{
    using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["STRING"].ConnectionString))
    {
        using (SqlCommand cmd = new SqlCommand("dbo.Res_User", con))
        {
            // Part 1: store the user. Values are bound as parameters, not concatenated into the SQL text.
            cmd.CommandText = "INSERT INTO Res_User(username, password, key_pin) SELECT @username, dbo.fnEncDecRc4(@pin, @password), @pin";
            cmd.Parameters.AddWithValue("@username", username);
            cmd.Parameters.AddWithValue("@pin", pin);
            cmd.Parameters.AddWithValue("@password", password);
            con.Open();
            cmd.ExecuteNonQuery();
            MessageBox.Show("Added", "Information", MessageBoxButtons.OK);

            // Part 2: read back the stored value for this username.
            cmd.CommandText = "SELECT password FROM Res_User WHERE username = @username";
            cmd.Parameters.Clear();
            cmd.Parameters.AddWithValue("@username", username);
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.HasRows)
                {
                    while (reader.Read())
                    {
                        MessageBox.Show(reader["password"].ToString(), "Information", MessageBoxButtons.OK);
                    }
                }
            }
        }
    }
}
catch (SqlException ex)
{
    // The original snippet was cut off before its catch block; report the database error.
    MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK);
}
</code></pre>
<p>How do I go about doing the third part?</p>
<p>Only if someone can help me compare the saved enc. password and the login enc. password which I did in part one.</p>
<p>Let me know if more information is needed.</p>
<p>Thank You.</p>
<p>Any help will be appreciated.</p>
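The compare step (part three) with the five-attempt limit, as an added example that is not part of the original post. It assumes the stored value is a salted PBKDF2 hash rather than the output of `dbo.fnEncDecRc4`, and an in-memory dictionary stands in for the `Res_User` table; the class name, parameters and sample credentials are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example: a dictionary stands in for Res_User, and the stored value is a
// salted PBKDF2 hash (an assumption), not the output of dbo.fnEncDecRc4.
sealed class LoginVerifier
{
    const int MaxAttempts = 5, Iterations = 210_000, SaltLen = 16, HashLen = 32;
    readonly Dictionary<string, (byte[] Salt, byte[] Hash)> users = new();
    readonly Dictionary<string, int> failures = new();

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashLen);

    public void Register(string username, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        users[username] = (salt, Derive(password, salt));
    }

    // Returns true only for a correct password on an account that is not locked.
    public bool Verify(string username, string password)
    {
        failures.TryGetValue(username, out int failed);
        if (failed >= MaxAttempts) return false;   // locked after 5 failed attempts

        // Unknown usernames still cost one derivation, so timing does not reveal them.
        bool known = users.TryGetValue(username, out var rec);
        byte[] salt = known ? rec.Salt : new byte[SaltLen];
        byte[] expected = known ? rec.Hash : new byte[HashLen];
        byte[] actual = Derive(password, salt);

        // Constant-time comparison of the derived and stored values.
        bool ok = CryptographicOperations.FixedTimeEquals(actual, expected) && known;
        failures[username] = ok ? 0 : failed + 1;
        return ok;
    }
}

static class Program
{
    static void Main()
    {
        var verifier = new LoginVerifier();
        verifier.Register("manager", "constructed-sample-password"); // constructed sample data
        Console.WriteLine(verifier.Verify("manager", "constructed-sample-password"));
        for (int i = 0; i < 5; i++) verifier.Verify("manager", "wrong-guess");
        Console.WriteLine(verifier.Verify("manager", "constructed-sample-password"));
    }
}
```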
 
