How Do I Compare Database Value With Textbox Input Values?

Question

1.00/5 (1 vote)

See more:

i have developed a login system where we can input our username and password. then it will checks with database an user name and password is correct it will throw a message saying thank you.

for that i have used service based database with dataset, which is inbuilt database.

result of this code is nothing. but it will execute without errors?

C#

private void Btn1_Click(object sender, EventArgs e)
        {

            SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);

            try {
                cn.Open();
                using (SqlCommand command = new SqlCommand("SELECT * FROM Login", cn))
                {
                    //
                    // Invoke ExecuteReader method.
                    //
                    SqlDataReader reader = command.ExecuteReader();
                    while (reader.Read())
                    {
                        string name = reader.GetString(1);  // Name string
                        string pass = reader.GetString(2); // Password string
                        //
                        // generates a thank you message
                        //
                        MessageBox.Show("Thank you");
                    }
                }
            }
            catch (Exception ex) { }
            finally { }
        }

Posted 30-Nov-14 17:56pm

Hemas Ilearn

Updated 30-Nov-14 17:58pm

v2

Add a Solution

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Wendelius · Answer 1 · 2014-11-30T18:17:00

First of all, you should try to find the correct row from Login table, not to get all rows and loop through them. This would mean something like

SQL

SELECT * 
FROM Login
WHERE UserName = @username
AND HashedPassword = @hashedpassword

Before executing the statement, set proper values to the bind variables using SqlParameter[^]

About the password. Don't store the password as plain text or even encrypted, use one way hashing. A good read about the subject is Password Storage: How to do it.[^]

Peter Leow · Answer 2 · 2014-11-30T18:18:00

Solution 2

You should just check the existence of the record that matches the username and password, never retrieve it. Better use a store procedure to do the sql operation.
Check this out: Login Form in Windows Application Using ASP.Net C#[^]
Read more on Salted Password Hashing - Doing it Right[^]

Posted 30-Nov-14 18:18pm

Peter Leow

Updated 30-Nov-14 18:21pm

v2

Comments

Wendelius 1-Dec-14 0:22am

In my opinion you should never store the password so that it can deciphered. Better to use hashing.

Peter Leow 1-Dec-14 0:25am

Exactly, that why I have advised him to read more...

Wendelius 1-Dec-14 0:27am

I see that you added some info to the solution. Looks much better :)

Peter Leow 1-Dec-14 0:30am

Look that OP is quite fresh, so need to go bit by bit slowly.

Mohamed Mitwalli · Answer 3 · 2014-11-30T18:24:00

Hi ,
Check this

C#

private void Btn1_Click(object sender, EventArgs e)
    {

        SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);

        try
        {
            cn.Open();
            using (SqlCommand command = new SqlCommand("SELECT * FROM Login where username =@username and password = @password", cn))
            {
                //
                // Invoke ExecuteReader method.
                //
                command.Parameters.AddWithValue("@username", txtbox1.Text);
                command.Parameters.AddWithValue("@password", txtbox2.Text);
                SqlDataReader reader = command.ExecuteReader();
                if (reader.HasRows)
                {
                    // IF it has Rows so your Good to go and show your message 
                    MessageBox.Show("Thank you");
                    /*
                    while (reader.Read())
                    {
                        string name = reader.GetString(1);  // Name string
                        string pass = reader.GetString(2); // Password string
                        //
                        // generates a thank you message
                        //
                        MessageBox.Show("Thank you");
                    } 
                     * */
                }
            }
        }
        catch (Exception ex) { }
        finally { }
    }

How Do I Compare Database Value With Textbox Input Values?

3 solutions

Solution 1

Solution 2

Solution 3

Add your solution here

Preview 0