Hiii
i am creating login form, and all the logic is correct by me but when i run the form it
executes and inspite of i am providing the correct username and password i get the same message "Wrong login info is provided". please help me on this topic, thanx in advance! my code is as below:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;


namespace softbuyweb
{
public partial class Login : Form
{
public Login()
{
InitializeComponent();
textBox1.Select();


}


private void button1_Click(object sender, EventArgs e)
{
bool blnfound = false ;
SqlConnection myconn = new SqlConnection();
myconn.ConnectionString = "Data Source=COMPUTER_1;Initial Catalog=softbuyweb;Integrated Security=True";
myconn.Open();
SqlCommand cmd = new SqlCommand("select * from Login", myconn);
SqlDataReader dr = cmd.ExecuteReader();


while (dr.Read())
{


if (dr["username"].ToString() == textBox1.Text)
{



if (dr["password"].ToString() == textBox2.Text)
{


blnfound = true;
MessageBox.Show("fine");
}


}


}



if (blnfound == false)


MessageBox.Show("Wrong login info is provided");
dr.Close();



myconn.Close();
}



}



}

Edited 3 Years Ago by happygeek: fixed formatting

Your logic is wrong! you should have Sql statement which takes 2 parameters username and password and returns scalar value number, 1 is valid or 0 otherwise, don't select from DataReader!!

You never want to "Select *" from a table, or iterate every row instead of including a proper where clause. Only bring forth the columns you need. I disagree that you should only query the scalar value (string) of the password because more than likely you want to cache the user's full name or initials in the application when they log in. Here is an example.

private void simpleButton1_Click(object sender, EventArgs e)
    {
      const string userName = "scott";
      const string password = "password";
      const string connStr = "Data Source = apex2006sql; Initial Catalog = ServManLeather; Integrated Security = True;";
      const string query = @"Select Username, Password From vea_User (NOLOCK) Where UserName = @UserName";

      using (DataTable dtUser = new DataTable())
      {
        using (SqlConnection conn = new SqlConnection(connStr))
        {
          conn.Open();
          using (SqlCommand cmd = new SqlCommand(query, conn))
          {
            cmd.Parameters.Add(new SqlParameter("@UserName", userName));
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
              dtUser.Load(dr);
            }
          }
          conn.Close();
        }
        if ((dtUser.Rows.Count > 0) && (Convert.ToString(dtUser.Rows[0]["Password"]).Equals(password)))
        {
          //login ok
        }
      }
    }
This article has been dead for over six months. Start a new discussion instead.