Hi

I have a login form use the  following sql statement

select from user where username = "?" and password ="?"

now the two users can login

select from user where username = "TEST" and password ="pwd"

select from user where username = "test" and password ="pwd" 

The system see "TEST" same with "test",but I only allow "TEST" login.how to make the select statement case sensible?

How to fix this?Thanks

Mk 

Cast the user name and password to binary or varbinary datatype and compare as given below.

syntax: 

select 1 from user where CAST(username as varbinary(<length of username field>)) =  CAST(<user entered value for user name> as varbinary(<length of username field>))

usage:

select 1 from user where CAST(username as varbinary(20)) = CAST("TEST" as varbinary(20))

and CAST(password as varbinary(10)) = CAST("pwd" as varbinary(10))

Note: The basic idea here is that when you convert the string to binary/varbinary you get different values for "A" and "a" and it solves the issue.

Hope this helps.

Run this for your user column to make it case sensitive:

ALTER COLUMN username VARCHAR(50)