0

I am creating a WinForm Registration Form and recently switched my entire code to remove SQL Injections I was getting. I can now register users to be stored in my database but I can not user that information to log on.

string constring = "datasource=127.0.0.1;port=3306;username=root;password=welcome";
string Query = "insert into userdatabase.users (userid, email, passone, passtwo, lastname, firstname) values(@userid,@email,@passone,@passtwo,@lastname,@firstname)";
MySqlConnection conDatabase = new MySqlConnection(constring);
MySqlCommand cmd = new MySqlCommand(Query, conDatabase);
cmd.Parameters.AddWithValue("userid", this.userid_txt.Text);
cmd.Parameters.AddWithValue("passone", this.passone_txt.Text);

try
{
    conDatabase.Open();
    cmd.ExecuteNonQuery();
    MessageBox.Show("Welcome to iDSTEM!");
}
catch (Exception ex)
{
    MessageBox.Show(ex.Message);
}

That is the code for my login button, I know that the AddWithValue is not what needs to be there but that is what I currently have to store the values and wanted to know what I should change it to.

Here is my code that stores my data into MySql.

string constring = "datasource=127.0.0.1;port=3306;username=root;password=welcome";
string Query = "insert into userdatabase.users (userid, email, passone, passtwo, lastname, firstname) values(@userid,@email,@passone,@passtwo,@lastname,@firstname)";

MySqlConnection conDataBase = new MySqlConnection(constring);
MySqlCommand cmd = new MySqlCommand(Query, conDataBase);
cmd.Parameters.AddWithValue("userid", this.userid_txt.Text);
cmd.Parameters.AddWithValue("email", this.email_txt.Text);
cmd.Parameters.AddWithValue("passone", this.passone_txt.Text);
cmd.Parameters.AddWithValue("passtwo", this.passtwo_txt.Text);
cmd.Parameters.AddWithValue("lastname", this.lastname_txt.Text);
cmd.Parameters.AddWithValue("firstname", this.firstname_txt.Text);

try {
    conDataBase.Open();
    cmd.ExecuteNonQuery();
    MessageBox.Show("Welcome to iDSTEM!");
}
    catch (Exception ex)
{
        MessageBox.Show(ex.Message);
    }

When I run the log in I receive

Fatal Error encountered during command execution

Thanks in advance for any helps or tips you are able to give me.

Improve this question

1 Answer 1

Reset to default
1

To login, you will have to use SELECT * FROM tbl where username = @userid and password = @password instead of the insert statement that you've used. (I assume that the first code you've provided is for login). And then, instead of ExecuteNonQuery, you can use either ExecuteReader or DataAdapter to fill a DataSet.

You are receiving fatal error because the number of parameters expected in the insert query you wrote for login (6 -> @userid,@email,@passone,@passtwo,@lastname,@firstname) and those provided (2 -> @userid,@passone) is different.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I based the login off of my register form so thanks for pointing out the overlooks, I still think where I have 'cmd.Paramters.AddWithValue("@userid", this.userid_txt.Text);' is not supposed to me AddWithValue any ideas? @Manish Dalal
@Bendlino: I think AddWithValue is ok [msdn.microsoft.com/en-us/library/… Also, it seems that using @ with parameter name is optional for mySQL (but its always a better practice to have @ before parameter name)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.