guy's i encounter new problem again i write a login system that if users input is correct the mainform will show,enable and focus.., if not he/she only have 3 attempts to log in and it will close .., the problem is if input is correct login form it not focus and enable the mainform ., and cannot check 3 attempt if input is wrong.... need help guys thnx


here's code

private void check()
        {
            cls_con.cn.Open();
            try
            {
                MySqlCommand cmdCheck = new MySqlCommand("select UserName, Password from tblUser where Username='"+txtUserName.Text+"' and Password='"+txtPassword.Text+"'", cls_con.cn);
                MySqlDataReader drd = cmdCheck.ExecuteReader();
                while(drd.Read()){
                    string p1=txtUserName.Text, p2=txtPassword.Text;
                    if (p1 == drd["UserName"].ToString() && p2 == drd["Password"].ToString())
                    {
                        MessageBox.Show("thanks your IN");
                        frmMain fmain = new frmMain();
                        fmain.Activate();
                        fmain.Enabled = true;
                        this.Close();
                    }
                    else
                    {
                        Counter = Counter + 1;
                        txtUserName.Text = "";
                        txtPassword.Text = "";
                        txtUserName.Focus();
                        if (Counter == 2)
                        {
                            this.Close();
                            MessageBox.Show("hey your an asshole");
                        }
                    }
                    
                }
                drd.Close();
                cls_con.cn.Close();
                cmdCheck.Dispose();
            }
            catch (Exception exp) {

                cls_function.setCreateError(exp.Message);
            }
        }

Have you debugged your code while running it? Is the if statement even being called? Because if neither of the if sections get entered then it would appear your dataReader is empty and cannot read.

MySqlCommand cmdCheck = new MySqlCommand("select UserName, Password from tblUser where Username='"+txtUserName.Text+"' and Password='"+txtPassword.Text+"'", cls_con.cn);

Learn to use Parameterized queries. What happens if someone types in "blah'; drop table tblUser;" in the password box (exclude the " but keep everything else)?

Edited 5 Years Ago by Momerath: n/a

Comments
Correct.

thnx for rply i already figure out.., maybe can you help me in my next challenge i need to create external class using cryptography i need to shacryptoserviceprovider and tripledescryptoserviceprovider can you help me?

This article has been dead for over six months. Start a new discussion instead.