Hi,
I am using a web application.

On my login button I have written this code:
protected void btnlogin_Click(object sender, EventArgs e)
    {
        //sql connection
        SqlConnection cnn = new SqlConnection();
        cnn.ConnectionString = "connection string";
        cnn.Open();
        SqlCommand cmd = new SqlCommand("select mobileno,password from register where mobileno='"+txtmoblie.Text +"'and password='"+txtpassword.Text+"'",cnn);
        cmd.Connection = cnn;
        SqlDataReader dr = cmd.ExecuteReader();
      
        if (txtmoblie.Text != "mobileno" && txtpassword.Text != "password")
        {
            Response.Write(@"<script language='javascript'>alert('Invalid Username and Password')</script>");
        }
        else
        {
            Response.Redirect("signup.aspx");
        }
        cnn.Close();
}


It is giving me invalid username and password.
Please let me know where I am wrong.


Thanks in advance.
Comments
Orcun Iyigun 10-Dec-11 4:33am    
Have you debugged what values you are getting in the "if" statement? Does your "Select" statement actually return a value?

Replace the following and try:
C#
if (txtmoblie.Text != "mobileno" && txtpassword.Text != "password")

with
C#
if (txtmoblie.Text != dr["mobileno"] && txtpassword.Text != dr["password"])
 
Share this answer
 
Would you like a list?
Where should I start....
0) You do realize that you won't get an SQL connection working with the string "connection string"? You need to tell it which SQL server instance, and database to use.
1) Why are you retrieving the password and mobile number from the database, based on the mobile number and the password? All you would be doing would be pulling back the information you already have. Either retrieve a more useful column, or retrieve a count.
2) Why are you leaving yourself wide open to SQL Injection attacks which can accidentally or deliberately destroy your database? Use Parametrized queries instead.
3) Why are you storing passwords in plain text? All you are doing is leaving everybody's user information wide open to everyone who wants to look at it. Hash it instead and store the hash. There is info on this here: Password Storage: How to do it.
4) Why aren't you actually using any of the results from your database query? All your test does is say "log in anyone who has the mobile number 'mobileno' and the password 'password'"
5) You do realize that even if you fixed these things, all that would happen is the user would get annoyed? Because he would type in his details, you would check them, then throw them away when you re-direct to the signup.aspx page?


Does that sound harsh? Yes, it probably does.

Try to do one thing at a time. Establish your connection, and make sure it works. Then move on to retrieving info from the DB, and so forth.

Look at your course notes, and try to work out what you are supposed to do here...:laugh:
 
Share this answer
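Points 2 and 3 of the answer above, sketched as an added C# example (not code from the original answer or from the asker's project). It assumes the `register` table has hypothetical `salt` and `passwordhash` varbinary columns in place of the plain-text `password` column, an assumed iteration count, and .NET Framework 4.7.2 or later for the `Rfc2898DeriveBytes` overload that takes a hash algorithm.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck
{
    const int Iterations = 100000;   // assumed work factor, tune for your hardware

    // Run at sign-up: returns the salt and hash to store instead of the password.
    public static void HashPassword(string password, out byte[] salt, out byte[] hash)
    {
        salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        hash = Derive(password, salt);
    }

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Compare every byte so timing does not reveal where the first mismatch is.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Run at login: the mobile number travels as a parameter, never as SQL text.
    // Column names salt and passwordhash are assumptions, not the asker's schema.
    public static bool IsValidLogin(SqlConnection cnn, string mobileNo, string password)
    {
        using (var cmd = new SqlCommand(
            "select salt, passwordhash from register where mobileno = @mobileno", cnn))
        {
            cmd.Parameters.Add("@mobileno", SqlDbType.VarChar, 20).Value = mobileNo;
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (!dr.Read()) return false;            // no such user
                byte[] salt = (byte[])dr["salt"];
                byte[] stored = (byte[])dr["passwordhash"];
                return SameBytes(Derive(password, salt), stored);
            }
        }
    }
}
```

The click handler would open the connection, call `LoginCheck.IsValidLogin(cnn, txtmoblie.Text, txtpassword.Text)` and redirect only when it returns true.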
 
Comments
Orcun Iyigun 10-Dec-11 4:39am    
5'ed, so true. I was thinking of saying similar stuff but I didn't. Glad that you pointed it out.
OriginalGriff 10-Dec-11 4:51am    
Yes, it seems cruel to say it all, but I guess it is crueller to say "you are doing well, just fix this" and then have it still not work.
aayu 11-Dec-11 23:47pm    
Dear OG, I know that. I have just removed that line because I don't want to show it, so I kept "connection string".
aayu 11-Dec-11 23:50pm    
Second thing, I know what you are trying to say, but it's just that I want to check that when a person logs in it should go to another page. That is why I have kept signup, because the other pages which I have created are all master pages which I don't want to touch.
Hi,

Your problem is that the connection with the database is not open.
So follow the code below for the database connection, and fill in the four connection parameters as per your SQL database.

C#
string ConnectionString ="Data Source=;Initial Catalog=;User ID=;Password=";
        SqlConnection cnn = new SqlConnection(ConnectionString);
        cnn.Open();
 
Share this answer
 
Try this perhaps.

C#
if (dr[0] != "mobileno" && dr[1] != "password")
        {
            Response.Write(@"<script language='javascript'>alert('Invalid Username and Password')</script>");
        }


If that is really your point :)

Regards,
Eduard
 
Share this answer
 
protected void btnlogin_Click(object sender, EventArgs e)
    {
        SqlConnection cnn = new SqlConnection("__your connection string__");
        cnn.Open();
        // Parameters keep the text box values out of the SQL text
        SqlCommand cmd = new SqlCommand("select mobileno,password from register where mobileno=@mobileno and password=@password", cnn);
        cmd.Parameters.AddWithValue("@mobileno", txtmoblie.Text);
        cmd.Parameters.AddWithValue("@password", txtpassword.Text);
        SqlDataReader dr = cmd.ExecuteReader();
        if (dr.Read())//this is what you need
        {
            Response.Redirect("signup.aspx");
        }
        else
        {
            Response.Write(@"<script language='javascript'>alert('Invalid Username and Password')</script>");
        }
        cnn.Close();
}
 
Share this answer
 
Is the connection string successful?

C#
cnn.ConnectionString = "connection string";
        cnn.Open();
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


