Re: Login Authentication against database...

[Margaret Fisk]

Title: Message

I agree with jmc's suggestion. However, I would also recommend that you use the lower case function in both Java and the database to compare since a user may enter the name with any number of capital letters.   Margaret -----Original Message----- From: Joe Cheng [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 14, 2001 10:46 AM To: [EMAIL PROTECTED] Subject: Re: Login Authentication against database... Praveen-   It looks like your query is retrieving the whole set of users and then iterating in Java to see if any of them match the username/password the user entered.  Why would you do that, rather than simply:   SELECT * FROM users WHERE username = '<username entered by user>' AND password = '<password entered by user>';   and see if any rows are returned.  If there are no rows, the username and/or password was wrong.  This way you don't have to deal with so much data, making it potentially much faster and less memory intensive.   -jmc