why is this code not working

Question

1.00/5 (2 votes)

See more:

this is the code for login button that should check the database and then show another form.but instead its always giving me the else part here, what am i doing wrong here.

C#

{
            SqlConnection con = new SqlConnection(@"Data Source=SAJJAD-PC;Initial Catalog=hotel;Integrated Security=True;");
            
            SqlDataAdapter sda = new SqlDataAdapter("select count(*) from login where username = '" + usernametxtbox+"'and password = '" +passwordtxtbox+"'",con);
 
            DataTable dt = new DataTable();
            sda.Fill(dt);
 

 

            if (dt.Rows[0][0].ToString() == "1")
            {
 
                con.Open();
 

                this.Hide();
                Form5 form5 = new Form5();
                form5.Show();
 
            }
            else
            {
                MessageBox.Show("Please Check your username and password again !");
            }

Posted 3-Aug-15 0:22am

Dark Commet

Add a Solution

Comments

F-ES Sitecore 3-Aug-15 6:31am

Use the debugger and see what dt.Rows[0][0] is returning. It's probably because you're not getting the field data correctly, google for examples on how you use datatables.

http://www.dotnetperls.com/datatable

[no name] 3-Aug-15 6:48am

There is no need to crosspost. You have already posted this in one forum. Pick a forum and delete the duplicate.
Fix your SQL injection vulnerability.
Run your code through the debugger and you would see what is going on.

Sanket Saxena 3-Aug-15 7:03am

Atleast check your dt.Rows.Count return any rows or not.........100% not.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2015-08-03T00:52:00

Dark Commet wrote:
what am i doing wrong here.

Would you like a list? :laugh:

Being honest, the answer is "pretty much everything".
You break the two first rules of databases:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

Then, you don't check to see if there are any values in your data:

VB

sda.Fill(dt);
if (dt.Rows[0][0].ToString() == "1")

Then you unnecessarily convert to string, and do string comparisons,you use default names for forms, you don't dispose of objects that hold scarce resources, you don't do any error checking, you...

You get the idea. You have a long way to go.

So follow the link, have a read of the code there, and then change your db to support hashed passwords.
Return the hashed password for the user name, and compare that instead of trying to get the count. And please - for your own sake - use parameterised queries at all times!