How do I slove this problem?

Question

0.00/5 (No votes)

See more:

i am trying to create a login page.However whenever i debug i will receive Username is not correct .And i m not able to log in.Below are the codes i used.the software i m using is visual studio 2010.

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

namespace DEMO
{
    public partial class login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void Button1_Click(object sender, EventArgs e)
        {
           
          
                SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
                conn.Open();
                string checkuser = "select count(*) from [UserData] where UserName = ' " + UserNameBOX.Text + "'";
                SqlCommand com = new SqlCommand(checkuser, conn);
                int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
                conn.Close();
                if (temp == 1)
                {
                    conn.Open();
                    string checkpasswordQuery = "select Password from UserData where UserName = ' " + UserNameBOX.Text + "'";
                    SqlCommand passComm = new SqlCommand(checkpasswordQuery, conn);
                    string password = passComm.ExecuteScalar().ToString().Replace("", "");
                    if (password == PasswordBOX.Text)
                    {
                        Session["New"] = UserNameBOX.Text;
                        Response.Write("Password is correct");
                        Response.Redirect("MAIN PAGE.ASPX");
                    }
                    else
                    {
                        Response.Write("Password is Not correct");
                    }

                }
                else
                {
                    Response.Write("UserName is Not correct");
                }
                conn.Close();
                
            }

What I have tried:

i try redoing and search for answer but i still cannot do it.

Posted 10-Oct-16 17:11pm

Darryl Chua

Updated 10-Oct-16 18:40pm

Garth J Lancaster

v2

Add a Solution

2 solutions

Solution 1

First of all, use parameterized query instead of queries like this which are prone to SQL Injection attacks.

Next this is that you can have only one query to check if the username and password exists in db or not by doing like below.

SQL

SELECT Count(UserName) FROM UserData WHERE UserName = @UserName AND Password = @Password

Posted 10-Oct-16 18:39pm

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ)

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Garth J Lancaster · Accepted Answer · 2016-10-10T18:40:00

The first thing I'd suggest is get rid of the nasty way you create your SQL queries ... use parameterised queries instead https://www.dotnetperls.com/sqlparameter[^]

The second thing is - why are you storing a password ? no,no,no - really bad idea - storing a hash of a password, then hashing the input from the user and comparing hashes, yes, yes, yes

Third - I think you need to check what you're trying to do - does 'ExecuteScalar' return a 'row' value like you want, or, perhaps, it returns a single value from (for example) 'select count * from table where ...' - so your first use is more correct, the second ie

C#

string checkpasswordQuery = "select Password from UserData where UserName = ' " + UserNameBOX.Text + "'";
SqlCommand passComm = new SqlCommand(checkpasswordQuery, conn);
string password = passComm.ExecuteScalar().ToString().Replace("", "");

no ....