I am a beginner and I would like to know whats wrong with my code why it is not working.
I am trying to create a login form

private void btnSignIn_Click(object sender, EventArgs e)
        {
            string ConString;
            ConString = "Data Source=.;Initial Catalog=docworx;UserID=sa";
            SqlConnection DbCon = new SqlConnection(ConString);

            m_Login = this.txtUsername.Text;
            String StrPassword = this.txtPassword.Text;

            if(m_Login = null |= StrPassword = null)
            {
                MessageBox.Show("You are missing information.Please make sure that both the username and password fields are filled out.","Missing Info");
                this.txtUsername.Focus();
                return;
            }

            String StrSql = "Select userid,password Form Login Where userid="'+m_Login+'"";
            SqlCommand cm = new SqlCommand(StrSql,DbCon);
            SqlDataReader dr;
            Boolean valid = false;
            Boolean HasRows = false;
            try
            {
                DbCon.Open();
                dr = cm.ExecuteReader();

                if(dr.HasRows)
                {
                    while(dr.read())
                        if(StrPassword == dr.Item("password"))
                        {
                            valid = true;
                        }
                    HasRows = true;
                }
                dr.Close();
            }
            catch(Exception exo)
            {
                MessageBox.Show(exo.Message);
            }
            finally
            {
                if(DbCon.State == ConnectionState.Open)
                {
                    DbCon.Close();
                }
                cm = null;
                dr = null;
                DbCon.Dispose();
                GC.Collect();
            }
            iCount = iCount + 1;
            if (valid == true)
            {
                this.Hide();
                frmMain.Show();
            }
            else
                if (iCount == 3)
                {
                    MessageBox.Show("Contact Administrator!", "Invalid Info");
                    this.Close();
                }
                else
                    if (HasRows == false)
                    {
                        MessageBox.Show("Invalid user name, try again!", "Invalid Info");
                        this.txtUsername.Focus();
                        this.txtUsername.Text = " ";
                        this.txtPassword.Text = " ";
                    }
                    else
                    {
                        MessageBox.Show("Invalid password, try again!", "Invalid Info");
                        this.txtPassword.Focus();
                        this.txtPassword.Text = " ";

                    }


            
        }

Hi, I found two errors, It may be typo mistake

1. if(m_Login = null |= StrPassword = null) can be changed as if(m_Login == null || StrPassword == null) ___
2. String StrSql = "Select userid,password Form Login Where userid="'+m_Login+'""; can be changed as String StrSql = "Select userid, password From Login Where userid='" + m_Login+ "'";

hi!
If you're using 2.0 you can use . string.IsNullOrEmpty to check your strings. and its far safe to use string.format on sql queries. eg.
string sql = string.Format("Select userid, password From Login Where userid='{0}'",m_login);

This article has been dead for over six months. Start a new discussion instead.