I'm working on a SQL database project in C#. I'm looking to create a login form which will be presented when someone starts the application.

The connection is made to the database, however they must enter a correct username and password into the first form before they can proceed to see the rest.

I have created 2 text boxes, txtusername and txtpassword, and a button, login.

Here is my SQL command:

SqlCommand command = new SqlCommand("SELECT * FROM tblUsers WHERE Username ='" + txtUsername + "' AND Password = '" + txtPassword + "'", Program.cs);

I'm looking for a way to show in a label if the SQL command yields a result, meaning the username and password are stored in the user table, so that it returns true or something. If there is a more efficient or effective way to do this, also let me know :).

  • Can you show us where you process the result of the query? Commented Jul 25, 2012 at 10:44
  • Are you storing the passwords in plaintext? Commented Jul 25, 2012 at 10:45
  • Hi, I managed to create a login system using this to guide me: youtube.com/watch?v=L7Bc3GL1N8E&feature=related, though I tweaked it and used a textbox instead of filling a combobox. Commented Jul 25, 2012 at 12:14

3 Answers

This code is a vulnerability in your project. See this for details.

You should never create command texts by concatenating strings. Use SqlParameter. That is to put first things first.

And it seems to me that you have no (or very little) understanding of how data access works in .NET. So I'd recommend you read some books on that topic, for example, Microsoft's "Accessing Data with .NET Framework 4".

1 Comment

Not an answer per se, but +1 for a very valid point. This question highlights a myriad of problems in understanding exactly how to work with a database in C#. Until the OP's done some reading and research, no answer will give much help...
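
Added example (not code from any of the answers): the question's tblUsers lookup done with SqlParameter as this answer recommends and, following the plaintext-password comment, comparing a salted PBKDF2 hash instead of the password itself. The PasswordSalt and PasswordHash columns, the LoginCheck class, connectionString and lblStatus are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class LoginCheck
{
    // Assumed schema: tblUsers(Username NVARCHAR(50), PasswordSalt VARBINARY(16),
    // PasswordHash VARBINARY(32)). The two Password* columns are hypothetical.
    const int Iterations = 100000;

    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Compare without returning early, so timing does not reveal the first differing byte.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static bool IsValidLogin(string connectionString, string username, string password)
    {
        const string sql = "SELECT PasswordSalt, PasswordHash FROM tblUsers WHERE Username = @username";
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // The value travels as a typed parameter and is never parsed as SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            con.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return false;   // unknown user
                var salt = (byte[])reader["PasswordSalt"];
                var stored = (byte[])reader["PasswordHash"];
                return FixedTimeEquals(stored, HashPassword(password, salt));
            }
        }
    }
}

// In the form's login button handler (lblStatus is a hypothetical label):
//   bool ok = LoginCheck.IsValidLogin(connectionString, txtUsername.Text, txtPassword.Text);
//   lblStatus.Text = ok ? "Login successful" : "Invalid username or password";
```
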

Code for login page

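// Requires: using System; using System.Data; using System.Data.SqlClient;
protected void tn_click(object sender, EventArgs e) // button click event
{
    SqlConnection con = new SqlConnection(Strcon);

    // Parameters carry the textbox values; they are never pasted into the SQL text.
    // Column names are made consistent with the WHERE clause (username, password).
    string sqlquery = "select username, password from loginpage where username = @un and password = @pwd";

    SqlCommand sqlcom = new SqlCommand(sqlquery, con);
    sqlcom.Parameters.AddWithValue("@un", textname.Text);
    sqlcom.Parameters.AddWithValue("@pwd", textpassword.Text);
    con.Open();

    // CloseConnection closes con when the reader is disposed.
    using (SqlDataReader dr = sqlcom.ExecuteReader(CommandBehavior.CloseConnection))
    {
        if (dr.Read())
        {
            // Keeping the password in session state is not needed after this check.
            Session["un"] = dr["username"].ToString();
            Session["pwd"] = dr["password"].ToString();

            if (dr["password"] != DBNull.Value)
                Response.Redirect("userdetail.aspx");
            else
                Response.Redirect("login.aspx");
        }
        else
        {
            lblmsg.Text = "invalid user";
        }
    }
}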
