Hello,

I'm trying to crate a login form that basically logs users in..

Now, I have created the database, and queried the table to see if the user exists.. But how do you check if the query returns whether it is or not? E.g. in PHP you'd use like..

<?php

   if(mysql_affected_rows() == 1)
   {


   }
?>

here is my code..

private void loginBUTTON_Click(object sender, EventArgs e)
        {
            string connection = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\program.mdf;Integrated Security=True;User Instance=True";
            SqlConnection connect = new SqlConnection(connection);
            try
            {
                connect.Open();
                n.setEmail(emailInput.Text);
                n.setPassword(passwordInput.Text);
            }
            catch (Exception ex)
            {
                MessageBox.Show("We were unable to connect to the rquired database!" + ex);

            }

            try
            {
                string login_query = ("SELECT * FROM students WHERE email='Phillip'");
                SqlCommand login = new SqlCommand(login_query, connect);
            }
            catch (Exception login)
            {
                MessageBox.Show("Unable to login" + login);
            }

        }

For login ordinary we have userName and password. So for checking if user exist in the database you only chack for these 2 parameters.

So:

SELECT UserName, Password FROM Users WHERE UserName = 'textBoxUserName.Text'

Now you open an sqlDataReader which wil check if the userName exists.
If exists you compare the Password of this user from the database, with the one from textBoxPassword.Text.
If passwords are equal, login is successful
If not password is incorrect.

If even userName does not exist in the dataBase, login data from textBoxes are completely off.
This is how you do the login checking!

Hope it helps.

PS: here is the full code for login:

public static bool LogingInMethod(string userName, string password)
        {
            bool result = false;

            string sqlQuery = "SELECT UserName, Password FROM Users WHERE UserName ='" + userName + "'";
            using (SqlConnection sqlConn = new SqlConnection(p))
            {
                SqlCommand cmd = new SqlCommand(sqlQuery, sqlConn);
                SqlDataReader reader;
                bool bHasRows = false;
                try
                {
                    sqlConn.Open();
                    reader = cmd.ExecuteReader();
                    if (reader.HasRows)
                    {
                        while (reader.Read())

                            if (password == reader["Password"].ToString().Trim())
                            {
                                result = true;
                                break;
                            }
                        bHasRows = true;
                    }
                    reader.Close();
                }
                catch (System.Exception ex)
                {
                    MessageBox.Show(ex.Message);
                    sqlConn.Close();
                }
                finally
                {
                    if (sqlConn.State == ConnectionState.Open)
                    {
                        sqlConn.Close();
                    }
                    cmd = null;
                    reader = null;
                    GC.Collect();
                }

                if (result == true)
                {
                    result = true;
                }

                else if (bHasRows == false)
                {
                    MessageBox.Show("Wrong userName.", "Eror", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    result = false;
                }
                else
                {
                    MessageBox.Show("Wrong password.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    result = false;
                }
            }
            return result;
        }
This question has already been answered. Start a new discussion instead.