|
Hi there thanks for my reply.
well, phone_nume is a column in the datagrid that holds phone numbers
and chkSelection is a checkbox id that is in the same datagrid.
I would like to retrieve these phone numbers where a checked is = true...
Do you know how you can do this?
Oops! errors0 is just a demo Label to display the numbers after retrieving them
from my datagrid..
Please help if you can...
|
|
|
|
|
Hi,
I develop a Csharp smart device application. I am at the first step. I created a ConnexionForm where the user writes his login and password, and the system verifies whether they are in the .sdf database. I wrote this code:
private void button1_Click(object sender, EventArgs e)
{
string s1 = textBox1.Text.ToString();
string s2 = textBox2.Text.ToString();
BaseGmaoLocaleDataSet2 dat = new BaseGmaoLocaleDataSet2();
DataRow[] foundRows;
foundRows = dat.Tables["Connexion"].Select("Login like s1 and MotPasse like s2");
if (foundRows != null)
{
MessageBox.Show("Authentification réussie");
MenuP m = new MenuP();
m.Show();
}
else
{
MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");
}
}}}
But an error appears telling me that there is an error in the form of the 2 strings s1 and S2
Can you help me?
Thanks for all u suggestions
|
|
|
|
|
Hi,
several comments:
1. Your database does not know what s1 and s2 mean in Select("Login like s1 and MotPasse like s2");
you want the content of s1 and s2, not the names of the variables, so they must not be inside double quotes.
And then you want SQL to see them as string literals, which requires single quotes.
So at least you should change it to
...Select("Login like '"+s1+"' and MotPasse like '"+s2+"'");
2. It does not make sense to use like like that; there are no wildcards, nor anything special. So better write
...Select("Login = '"+s1+"' and MotPasse = '"+s2+"'");
3. You should not pass user input straight to an SQL statement; it makes your app very vulnerable. The user could type things that end up making your SQL statement do things you don't want, such as delete a table.
Either check your inputs (you must avoid empty fields too!) or use parameterized SQL (use SQLParameter).
4. You should not store plain passwords in a database; you should use encryption or hashing. Read up on best practices for passwords!
|
|
|
|
|
I would try putting the s1 and s2 into single quotes and maybe using wild cards (%)
foundRows = dat.Tables["Connexion"].Select("Login like '%" + s1 + "%' and MotPasse like '%" + s2 +"%'");
Lucs answer is better. See that.
modified on Tuesday, April 13, 2010 9:06 AM
|
|
|
|
|
it should work, however I don't think wildcards are a good idea for authentication.
Chances are entering
username: a
password: a
will let you in, as it would match Jan/MySecretPassword as well as an infinite number of other possible accounts.
|
|
|
|
|
Hi,
Thank you Lucs, the error disappears but a new problem appears:
although the login and password are not in my .sdf database, the system returns "successful authentication".
What should I add to correct this?
Thanks a lot for your contribution
|
|
|
|
|
string s1 = textBox1.Text.ToString();
string s2 = textBox2.Text.ToString();
Text property is already a string, so you don't need the ToString() method here. So :
string s1 = textBox1.Text;
string s2 = textBox2.Text;
is sufficient.
SqlCeConnection cnx = new SqlCeConnection("...");
string req = "SELECT * FROM Connexion WHERE Login = @login AND MotPasse = @pass";
SqlCeCommand cmd = new SqlCeCommand(req, cnx);
SqlCeParameter login = new SqlCeParameter("login", s1);
cmd.Parameters.Add(login);
SqlCeParameter pass = new SqlCeParameter("pass", s2);
cmd.Parameters.Add(pass);
...
Here's the general idea. Hope it'll be useful.
modified on Tuesday, April 13, 2010 10:54 AM
|
|
|
|
|
O.Phil wrote: textBox1.Text.ToString()
or textBox1.Text.ToString().ToString()
|
|
|
|
|
I was just observing that "Text property is already a string, so you don't need the ToString() method here."
|
|
|
|
|
right.
And a good thing about TextBox is its Text property never returns null.
|
|
|
|
|
Hi,
I add what u tell me about but still the same problem.
private void button1_Click(object sender, EventArgs e)
{
string s1 = textBox1.Text;
string s2 = textBox2.Text;
SqlCeConnection cnx = new SqlCeConnection();
string wCS = String.Format("DATA SOURCE = '{0}';", Program.gFichierBase);
cnx.ConnectionString = wCS;
string req = "SELECT * FROM Connexion WHERE Login = @login AND MotPasse = @pass";
SqlCeCommand cmd = new SqlCeCommand(req, cnx);
SqlCeParameter login = new SqlCeParameter("login", s1);
cmd.Parameters.Add(login);
SqlCeParameter pass = new SqlCeParameter("pass", s2);
cmd.Parameters.Add(pass);
BaseGmaoLocaleDataSet2 dat = new BaseGmaoLocaleDataSet2();
DataRow[] foundRows;
foundRows = dat.Tables["Connexion"].Select("Login like '%" + s1 + "%' and MotPasse like '%" + s2 + "%'");
if (foundRows != null)
{
MessageBox.Show("Authentification réussie");
MenuP m = new MenuP();
m.Show();
}
else
{
MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");
}
}
It seems so difficult
Thanks for u contribution
|
|
|
|
|
Hi,
When you use the SqlCe Connection and Command object, you don't need to use your dataset anymore.
If you have MSDN installed, you can check the use of these objects (particularly the SqlCeCommand object, since this is the one that actually does the request).
So :
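{...}
cmd.Parameters.Add(pass);
// req must be "SELECT COUNT(*) FROM Connexion WHERE Login = @login AND MotPasse = @pass":
// with SELECT *, ExecuteScalar returns the first column of the first row, not a row count.
cnx.Open();
// ExecuteScalar returns object, so convert it explicitly
int count = Convert.ToInt32(cmd.ExecuteScalar());
cnx.Close();
if (count == 1)
{
MessageBox.Show("Authentification réussie");
MenuP m = new MenuP();
m.Show();
}
else
MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");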
Here's the idea. Courage !
|
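A fuller version of the login check discussed in this thread, combining the parameterized query from the answers above with the password hashing recommended earlier; it is an added example, not code from any poster. It assumes the plain MotPasse column is replaced by hypothetical Salt and PassHash binary columns, that Rfc2898DeriveBytes is available on the target framework, and it uses the System.Data interfaces so an open SqlCeConnection can be passed in.

```csharp
using System;
using System.Data;
using System.Security.Cryptography;

static class LoginCheck
{
    const int Iterations = 100000; // assumed work factor; tune for the device
    // PBKDF2 hash; store this and the per-user salt instead of the password.
    public static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(32);
    }
    // Compares every byte instead of stopping at the first difference.
    public static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    // cnx: an open connection, e.g. a SqlCeConnection. Salt and PassHash are
    // hypothetical binary columns replacing the plain MotPasse column.
    public static bool Check(IDbConnection cnx, string login, string password)
    {
        if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password)) return false;
        using (IDbCommand cmd = cnx.CreateCommand())
        {
            cmd.CommandText = "SELECT Salt, PassHash FROM Connexion WHERE Login = @login";
            IDbDataParameter p = cmd.CreateParameter();
            p.ParameterName = "@login";
            p.Value = login; // sent as data, never parsed as SQL
            cmd.Parameters.Add(p);
            using (IDataReader r = cmd.ExecuteReader())
            {
                // No row means unknown login; test for that, not for null.
                if (!r.Read()) return false;
                return SameBytes(Hash(password, (byte[])r[0]), (byte[])r[1]);
            }
        }
    }
    static void Main()
    {
        byte[] salt = new byte[16]; // constructed sample values, no database needed
        new RNGCryptoServiceProvider().GetBytes(salt);
        byte[] stored = Hash("correct horse", salt);
        Console.WriteLine(SameBytes(Hash("correct horse", salt), stored));
        Console.WriteLine(SameBytes(Hash("a", salt), stored));
    }
}
```

DataTable.Select returns an empty array rather than null when nothing matches, so a `foundRows != null` test always passes; the reader-based check here succeeds only when a row exists and its hash matches.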
|
|
|
|
|
Use Scope_Identity instead. It's the recommended option.
"WPF has many lovers. It's a veritable porn star!" - Josh Smith As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
|
|
|
|
|
from msdn
IDENT_CURRENT is similar to the SQL Server 2000 identity functions SCOPE_IDENTITY and @@IDENTITY. All three functions return last-generated identity values. However, the scope and session on which last is defined in each of these functions differ:
* IDENT_CURRENT returns the last identity value generated for a specific table in any session and any scope.
* @@IDENTITY returns the last identity value generated for any table in the current session, across all scopes.
* SCOPE_IDENTITY returns the last identity value generated for any table in the current session and the current scope.
So SCOPE_IDENTITY seems the right one in a multi threaded environment.
|
|
|
|
|
More reason not to use identities at all.
|
|
|
|
|
hi....
I want to upload image using fileupload/asyfileupload control... and want to show in image control...at a time ..
any one can help me.
Sir, actually the problem is that I do not want to save the image in a folder before displaying it in the image control.
I mean, first I want to browse for the image using the fileupload control, then on the open click of the subwindow I want to show the image in the image control to confirm that the selected image is correct, and after that I want to save it in a folder or database...
Hope you get my question
-- Modified Tuesday, April 13, 2010 10:21 AM
|
|
|
|
|
first upload it then show it in image control, what's the problem?
|
|
|
|
|
Sir, actually the problem is that I do not want to save the image in a folder before displaying it in the image control.
I mean, first I want to browse for the image using the fileupload control, then on the open click of the subwindow I want to show the image in the image control to confirm that the selected image is correct, and after that I want to save it in a folder or database...
Hope you get my question
|
|
|
|
|
Hi.
I try to connect to SQL Server 2005 through an ODBC connection but I face an error. Please give me some solution. I face this error:
ERROR [08001] [Microsoft][ODBC SQL Server Driver][DBNETLIB]SQL Server does not exist or access denied.
ERROR [01000] [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (Connect()).
my Coding is
OdbcConnection conn = new OdbcConnection("Driver={SQL Server};Server=test;UID=sa;PWD=java;");// test is my ODBC connection name
string query = "INSERT INTO test VALUES ('" + textBox1.Text + "','" + textBox2.Text + "')";
OdbcCommand cmd = new OdbcCommand(query, conn);
try
{
conn.Open();
cmd.ExecuteNonQuery();
MessageBox.Show("Record Inserted.");
}
finally
{
conn.Close();
}
|
|
|
|
|
Are you sure your user name and password are correct?
The database name appears to be missing as well.
|
|
|
|
|
Thanks for the reply.
Yes, the username and password are correct. Where do I put the database name?
|
|
|
|
|
OdbcConnection conn = new OdbcConnection("Driver={SQL Server};Server=test;DataBase=DataBaseName;UID=sa;PWD=java;");
|
|
|
|
|
|
mjawadkhatri wrote: OdbcConnection conn = new OdbcConnection("Driver={SQL Server};Server=test;UID=sa;PWD=java;");
try this:
OdbcConnection conn = new OdbcConnection("DSN=test;UID=sa;PWD=java;");
this is assuming that you have created a DSN entry with name test.
|
|
|
|