I am having a form through which user will enter empcode(checking whether it is present in the table)
When i click On Login i am getting the following error
Invalid column name
cmd.CommandText = "select employee_code from MST_Employee where employee_code = " + emp_code;

In the above select i m writing the where condition in which empcode is getting from textbox

Form1 frm = new Form1();
            emp_code = First_NametextBox.Text;
            SqlConnection connection_string = new SqlConnection(System.Configuration.ConfigurationManager.AppSettings["database1"]);
            connection_string.Open();
            SqlCommand cmd = connection_string.CreateCommand();
            cmd.CommandText = "select employee_code from MST_Employee where employee_code = " + emp_code;
            SqlDataReader row = cmd.ExecuteReader();

            while (row.Read())
            {
                temp_emp_code = (string)row[0];
            }
            row.Close();
            connection_string.Close();
            MessageBox.Show("Temp-emp-value : " + temp_emp_code);
            if (emp_code == temp_emp_code)
            {

                frm.Show();
            }
            else 
            {
                MessageBox.Show("Invalid Employee Code Type Again");
                return;
            }
            //MessageBox.Show("First :" + emp_code);

I am not getting what is wrong in my code

It has to written like this:

cmd.CommandText = "select employee_code from MST_Employee where employee_code = '" + emp_code + "';

Mitja

Edited 5 Years Ago by Mitja Bonca: n/a

Thanks for giving your valuable time
I am using execute scalar but problem can be of sql injection(in textbox user can type delete)

SqlCommand cmd = connection_string.CreateCommand();
            cmd.CommandText = "select employee_code from MST_Employee where [employee_code] = '" + Emp_codetextBox.Text + "'";
            
            temp_emp_code = (string)cmd.ExecuteScalar();

How can i correct the above code to avoid sql injection
And user give correct id it showing the next form according to code but it is not closing the login form

This article has been dead for over six months. Start a new discussion instead.