Hi,

I am an ASP.NET beginner. I am doing login validation using ASP.NET in C#. I created the DB in SQL Server 2005, fetch the data from the DB and compare it with the text box values.

The if condition shows an error. I am using Visual Studio 2005.

My code is given below; please correct the error.

using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Sql;
using System.Data.SqlClient;



public partial class index : System.Web.UI.Page
{
SqlConnection conjds = new SqlConnection();
SqlCommand cmdjds = new SqlCommand();
SqlDataReader redjds;


protected void Page_Load(object sender, EventArgs e)
{


}
protected void Button1_Click(object sender, EventArgs e)
{
string log1, pass1, cid;
string login1, pass2, client1;
//log1 = username.Text;
//pass1 = pass.Text;
//cid = clientid.Text;


conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;
cmdjds.CommandText = "Select * from login ";
cmdjds.ExecuteNonQuery();
redjds = cmdjds.ExecuteReader();


while (redjds.Read())
{


login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);


}


if (username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1" )
{


Response.Redirect("~/assign.aspx");


}


else
{
Response.Write("wrong");
}


conjds.Close();


}

Edited 3 Years Ago by happygeek: fixed formatting

Hi psathish2,

cmdjds.ExecuteNonQuery();

First of all, remove the above quote, because it is used when no rows are returned, but you are using a SELECT statement, which returns some number of rows.

if (username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1" )

Secondly, your if condition is totally wrong. Because you collected the row information into login1 and pass2, you can directly compare it with any text; there is no need for double quotes. For example:
if(username.Text == login1 && pass.Text == pass2 && clientid.Text == client1)
instead of
if(username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1")

Or you can use the String1.Equals(String2) function to compare two strings.
So the if condition should be
if(username.Text.Equals(login1) && pass.Text.Equals(pass2) && clientid.Text.Equals(client1))


Hope this will help you. If the problem persists, feel free to ask me again.
Thanks & Regards
Dilip Kumar Vishwakarma
Programmer
.Net Consulting

Hey, there are many things that are wrong and need updating, so I will lead you through it:

conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;

//-----------
//This below command is wrong because you are selecting everything
//from the database, including all 60,000 rows if you have that many users.
//cmdjds.CommandText = "Select * from login ";
//Below line might need changing depending on your column names
cmdjds.CommandText = "SELECT username, userpass, clientid FROM login WHERE username=@username";
//Parameters help prevent against SQL injection. I would recommend them.
cmdjds.Parameters.AddWithValue( "@username", Trim(username.Text) );
//-----------
//-----------
//This below command doesn't return any rows. It is only used for
//updates, deletes, and inserts. It does return one value, the number
//of records it affected.
//cmdjds.ExecuteNonQuery();
//The above line actually wasn't needed at all, and did nothing. The
//below line (reader) is what does it all.
redjds = cmdjds.ExecuteReader();
//-----------

//-----------
//For using the while read command, it will do whatever is in between
//the brackets for as many rows as you return. If you for some reason
//return 4 rows, it will set those variables 4 times, overwriting it every time.
//A fix for this is to limit the amount of rows returned:
//"SELECT TOP 1 userpass, clientid FROM login WHERE..."
//That will only select 1 row.
while (redjds.Read())
{

login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);

}

//this line fails in a few aspects. C#, much like javascript, uses one single
//equal sign to assign values. You are basically assigning username.Text to
//the login username retrieved from the database, same with the rest
//accordingly. For c#, you use two equal signs to do a logical test. Also, for
//variables that you assign values to (login1, pass2, client1, etc.), you never
//put quotes around. client1 = "a database value", "client1" = "client1"
//Keep in mind, this below line also doesn't compare case-sensitivity. The password
//"jerryspringer" will pass validation even though the actual database password is
//"JerrySpringer". To compare case-sensitivity, use the string.equal or string.compare
//methods. Look them up on microsoft.com (google:  site:microsoft.com string.compare)
//if (username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1" )
if (username.Text == login1 && pass.Text == pass2 && clientid.Text == client1)
{

Response.Redirect("~/assign.aspx");

}
else
{

Response.Write("wrong");

}

Hope I helped and gave you insight.

Comments
kind genius!!

Thank you for the information. Again this error occurred.

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Sql;
using System.Data.SqlClient;



public partial class index : System.Web.UI.Page
{
SqlConnection conjds = new SqlConnection();
SqlCommand cmdjds = new SqlCommand();
SqlDataReader redjds;


protected void Page_Load(object sender, EventArgs e)
{


}
protected void Button1_Click(object sender, EventArgs e)
{
string login1, pass2, client1;


conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;


cmdjds.CommandText = "SELECT username,password,clientid FROM login WHERE username=@username";


//Trim is not supported here.



cmdjds.Parameters.AddWithValue("@username",Trim(username.Text));


// cmdjds.ExecuteNonQuery();
//redjds = cmdjds.ExecuteReader();


while (redjds.Read())
{
login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);


}


conjds.Close();


//here the error "use of unassigned local variable 'login1', 'pass2', 'client1'" is coming


if (username.Text == login1 && pass.Text == pass2 && clientid.Text == client1)
{


Response.Redirect("~/assign.aspx");


}
else
{


Response.Write("wrong");


}
}



}

Edited 3 Years Ago by happygeek: fixed formatting

Sorry, I am a VB.NET developer, so I got some syntax wrong (like Trim).

Try the new code:

conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;

cmdjds.CommandText = "SELECT username, userpass, clientid FROM login WHERE username=@username";
cmdjds.Parameters.AddWithValue( "@username", username.Text.Trim() );

redjds = cmdjds.ExecuteReader();

while (redjds.Read())
{

login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);

}

if (login1 == username.Text.Trim() && pass2 == pass.Text.Trim() && client1 == clientid.Text.Trim())
{

Response.Redirect("~/assign.aspx");

}
else
{

Response.Write("wrong");

}

If that fails at the if statement, replace it with:

if(username.Text.Equals(login1) && pass.Text.Equals(pass2) && clientid.Text.Equals(client1))
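
The thread compares the typed password against a plaintext column. As an added example (not code from any poster), the same check can be done against a salted PBKDF2 hash with a parameterized query and a fail-closed path when no row is returned. It assumes .NET Framework 4.7.2 or later, hypothetical varbinary columns pass_salt and pass_hash in the login table, and a string clientid column of up to 50 characters.

```csharp
// Added example, not from the thread. LoginCheck, pass_salt and pass_hash are
// hypothetical names; the login table, username and clientid come from the posts.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck
{
    const int Iterations = 100000;   // assumed PBKDF2 work factor
    const int HashBytes = 32;        // length of the stored hash in bytes

    // PBKDF2-HMAC-SHA256 of the submitted password with the user's stored salt.
    public static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Compares every byte without exiting early, so timing does not reveal
    // the position of the first mismatch.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // True only when a row matches username and clientid and the password verifies.
    public static bool IsValid(string connStr, string username, string password, string clientId)
    {
        using (var con = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(
            "SELECT TOP 1 pass_salt, pass_hash FROM login " +
            "WHERE username = @username AND clientid = @clientid", con))
        {
            // Typed parameters keep user input out of the SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username.Trim();
            cmd.Parameters.Add("@clientid", SqlDbType.NVarChar, 50).Value = clientId.Trim();
            con.Open();
            using (SqlDataReader rd = cmd.ExecuteReader())
            {
                if (!rd.Read()) return false;   // no such user: fail closed
                byte[] salt = (byte[])rd["pass_salt"];
                byte[] hash = (byte[])rd["pass_hash"];
                return FixedTimeEquals(Derive(password, salt), hash);
            }
        }
    }
}
```

In Button1_Click the result of LoginCheck.IsValid(connectionString, username.Text, pass.Text, clientid.Text) decides between the redirect and the "wrong" response. Because the method returns a bool on every path, no local variable is left unassigned when the reader returns no rows.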

Thank you for your code, but it is not working: the if condition is not working and the else part executes...

string login1, pass2, client1;


conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;


cmdjds.CommandText = "SELECT username,password,clientid FROM login WHERE username=@username";
cmdjds.Parameters.AddWithValue("@username",username.Text.Trim());


redjds = cmdjds.ExecuteReader();


while (redjds.Read())
{
login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);

// Before, when I put the closing bracket of the while loop here, the error showed login1, pass2, client1 as unassigned variables,
// so I moved the closing bracket to the end.

//if (username.Text.Equals(login1) && pass.Text.Equals(pass2) && clientid.Text.Equals(client1))
if (login1 == username.Text.Trim() && pass2 == pass.Text.Trim() && client1 == clientid.Text.Trim())
{


Response.Redirect("~/assign.aspx");


}
else
{


Response.Write("wrong");



}
}
conjds.Close();
}

Output: only "wrong" is printed.

Edited 3 Years Ago by happygeek: fixed formatting
