Dark Commet wrote:
What am I doing wrong here?
Would you like a list? :laugh:
Being honest, the answer is "pretty much everything".
You break the two first rules of databases:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.
Then, you don't check to see if there are any values in your data:
sda.Fill(dt);
if (dt.Rows[0][0].ToString() == "1")
Then you unnecessarily convert to string, and do string comparisons, you use default names for forms, you don't dispose of objects that hold scarce resources, you don't do any error checking, you...
You get the idea. You have a long way to go.
So follow the link, have a read of the code there, and then change your db to support hashed passwords.
Return the hashed password for the user name, and compare that instead of trying to get the count. And please - for your own sake - use parameterised queries at all times!
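The points made in the answer above (parameterised query, hashed password returned for the user name, a check that a row exists, disposal, error handling) put together as an added example; it is not code from the original answer or from the linked article. Assumptions: a `Users` table with `UserName`, `PasswordSalt` and `PasswordHash` (`varbinary`, NOT NULL) columns, PBKDF2-SHA256 chosen here as the hash with an illustrative iteration count, and .NET Core 2.1 or later with the System.Data.SqlClient package.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class LoginCheck
{
    const int Iterations = 100_000;   // assumed work factor; tune for your hardware
    const int HashBytes = 32;

    // Called once at registration: returns a fresh random salt and the hash to store.
    public static (byte[] Salt, byte[] Hash) HashPassword(string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return (salt, Derive(password, salt));
    }

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Fetches the stored salt and hash for one user with a parameterised query, then compares.
    // Table and column names are assumptions made for this example.
    public static bool Verify(string connectionString, string userName, string password)
    {
        const string sql = "SELECT PasswordSalt, PasswordHash FROM Users WHERE UserName = @name";
        try
        {
            using (var con = new SqlConnection(connectionString))
            using (var cmd = new SqlCommand(sql, con))
            {
                // The user name travels as data, never as part of the SQL text.
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 64).Value = userName;
                con.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    if (!reader.Read()) return false;   // no row: unknown user, nothing to index
                    byte[] salt = (byte[])reader["PasswordSalt"];
                    byte[] stored = (byte[])reader["PasswordHash"];
                    // Constant-time comparison of the stored hash with the recomputed one.
                    return CryptographicOperations.FixedTimeEquals(stored, Derive(password, salt));
                }
            }
        }
        catch (SqlException) { return false; }   // fail closed; log the exception in real code
    }
}
```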