We're a community of 1077K IT Pros here for help, advice, solutions, professional growth and fun. Join us!
1,076,124 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Start New Discussion Reply to this Discussion
Ad: Save Now—Cisco UCS C24 M3 Rack Servers
2 Years Ago
0

Simple login problem using database

Please help me to develop this simple windows login form
problem is i am unable to validate my user name and password...

namespace WindowsFormsApplication1
{
    public partial class Form1 : Form
    {
       
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            login(txt_username.Text, txt_password.Text);
       
                
           
        }
      
            public Boolean login(string user,string pass)
            {
                SqlConnection con = new SqlConnection("Data Source=SNSS1\\SQLEXPRESS;Initial Catalog=Employee;User ID=sa;Password=eLog!234");
                con.Open();
                SqlCommand cmd=new SqlCommand ("select * from Tbl_password where UserName='"+user+"' and Password='"+pass+"'",con);
                SqlDataReader dr = cmd.ExecuteReader();
                while(dr.Read())
                {
                    if ((dr["UserName"].ToString() == user) && (dr["Password"].ToString() == pass))
                    {
                      
                        Form2 frm2 = new Form2();
                        frm2.Show();
                    }


                }
                return false;
            }
     

      
    }
}
4
Contributors
5
Replies
1 Day
Discussion Span
2 Years Ago
Last Updated
6
Views
manavsm
Light Poster
27 posts since Jun 2008
Reputation Points: 4
Solved Threads: 0
Skill Endorsements: 0
2 Years Ago
0

this Link will help you. it is in VB.Net do small change it will work in C# also.

pritesh2010
Posting Whiz in Training
265 posts since Mar 2010
Reputation Points: 40
Solved Threads: 46
Skill Endorsements: 0
2 Years Ago
0

Rather than creating your new form inside your login method, keep your login method purely for validating the user then create the form based on its return value:

private void button1_Click(object sender, EventArgs e)
        {
           bool Validated = login(txt_username.Text, txt_password.Text);
           if(Validated)
           {
               //show form
           }
           else
           {
               //notify user of invalid credentials
           }
        }
      
            public Boolean login(string user,string pass)
            {
                SqlConnection con = new SqlConnection("Data Source=SNSS1\\SQLEXPRESS;Initial Catalog=Employee;User ID=sa;Password=eLog!234");
                con.Open();
                SqlCommand cmd=new SqlCommand ("select * from Tbl_password where UserName='"+user+"' and Password='"+pass+"'",con);
                SqlDataReader dr = cmd.ExecuteReader();
                while(dr.Read())
                {
                    if ((dr["UserName"].ToString() == user) && (dr["Password"].ToString() == pass))
                    {
                        return true;
                    }
                }
                return false;
            }

You may also want to reconsider the while(dr.Read()) section. If you call dr.Read() when no records have been returned you will throw an exception. Take a look at the dr.HasRows property and see if you can streamline the logic in that section.
Post your changes and let us know if you get stuck :)

Ryshad
Nearly a Posting Virtuoso
1,307 posts since Aug 2009
Reputation Points: 512
Solved Threads: 247
Skill Endorsements: 10
2 Years Ago
0

thanks got it ...

manavsm
Light Poster
27 posts since Jun 2008
Reputation Points: 4
Solved Threads: 0
Skill Endorsements: 0
2 Years Ago
0

No problem. remember to mark the thread as solved if your problem has been resolved :)

Ryshad
Nearly a Posting Virtuoso
1,307 posts since Aug 2009
Reputation Points: 512
Solved Threads: 247
Skill Endorsements: 10
2 Years Ago
0

Remember, this type of dynamic SQL query will cause SQL Injection vulnerability for your application. Use parametrized queries instead of appending the SQL string.
For example:
change SQL to,
select * from Tbl_password where UserName=@userName and Password=@password

SqlParameter userName=new SqlParameter("@userName",SqlDBType.Varchar);
SqlParameter passsword=new SqlParameter("@password",SqlDBType.Varchar);
cmd.Parameters.Add(userName);
cmd.Parameters.Add(password);

Another suggestion:
Instead of selecting user name and password from table, change the sql query like this:
select count(*) from Tbl_password where UserName=@userName and Password=@password
Then,
int status=cmd.ExecuteScalar()

if (status==1)
return true;
else
return false;

raj_developer
Light Poster
25 posts since May 2010
Reputation Points: 8
Solved Threads: 2
Skill Endorsements: 0

This article has been dead for over three months: Start a new discussion instead

Post: Markdown Syntax: Formatting Help
 
You
Software Development > C#
 
© 2013 DaniWeb® LLC
Page rendered in 0.0744 seconds using 2.74MB