Member Avatar for mj89

Hi,

I have created a simple login page in c#, the code compiles and runs however it does not execute correctly as when i give the correct input for username and password. it just skips and does the action for the code within the 'else' statement. What am i doing wrong? Could you please help me here. Thanks alot!

System.Data.SqlClient.SqlConnection conn = new SqlConnection("Data Source=ABC-PC;Initial Catalog=EScheduling;Integrated Security=True");
System.Data.SqlClient.SqlCommand cmd = new SqlCommand ("SELECT Username, Password FROM Login_Details where Username = '"+TextBox1.Text.ToString() + "'and Password='"+TextBox7.Text.ToString()+"'", conn);
        cmd.Connection = conn;       
        conn.Open();

        System.Data.SqlClient.SqlDataReader dr = cmd.ExecuteReader();

        while (dr.Read())
        {


            if ((dr["Username"].ToString() == TextBox1.Text) && (dr["Password"].ToString() == TextBox7.Text))
            {
                Response.Write("<script>alert('Success')</script>");
                Server.Transfer("HomePage.aspx");
            }

            else
            {
                Response.Write("<script>alert('You suck')</script>");
                TextBox1.Text = " ";
                TextBox7.Text = " ";
            }
        }
    }
}
  • 2 Contributors
  • 4 Replies
  • 83 Views
  • 10 Hours Discussion Span
  • Latest Post Latest Post by mj89

Recommended Answers

All 4 Replies

Member Avatar for Freon22

First I would never put my textbox in my sql statement like that, you are asking for trouble. Next why are you doing a while statement when you should only be returning one row? If you dont return a row then the name and password didn't match anything in the database. So all you really need to see is did it return anything? If it did then do your thing and go on, also if for some reason you need some values from the returned row you can get them if it does return a row. I redid you code a little to only look and see if it returned a row or not.

System.Data.SqlClient.SqlCommand cmd = new SqlCommand("SELECT Username, Password FROM Login_Details where Username = " +
            "@Username AND Password = @Password ", conn);
        cmd.Parameters.AddWithValue("@Username", TextBox1.Text.ToString());
        cmd.Parameters.AddWithValue("@Password", TextBox7.Text.Tostring());
        cmd.Connection = conn; 
        conn.Open(); 
        System.Data.SqlClient.SqlDataReader dr = cmd.ExecuteReader();

        if (dr.HasRows)
        {
            Response.Write("<script>alert('Success')</script>"); 
            Server.Transfer("HomePage.aspx"); 
        }
        else
        {
            Response.Write("<script>alert('You suck')</script>"); 
            TextBox1.Text = " "; 
            TextBox7.Text = " "; 
        }

PS: Dont forget to close your connection and set your datareader to nothing. Also you dont have to set your textbox to a string because they are already a string. I put the tostring on them just because you did it that way.

Edited by Freon22 because: n/a
Member Avatar for mj89

Hey,

Thanks so much for the effort however i feel there is a problem with the way i have written the if statement as everything else seems to be executing as it should be but it is still skilling the validation of the text box values with the data in the database. I'm still trying to figure out what i am missing.

Thank you once again! Really appreciate it.

Member Avatar for Freon22

If your not returning anything from the database then the if statement will fail and will move to the else part. So you may want to do a
if (dr.HasRows) just to check and see if it is returning a row.

Member Avatar for mj89

Hey,

I tried it and it works perfectly fine. I can't thank you enough for this valuable piece of help!!

Many thanks and much appreciation. =)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.