
I am making a login form in C# Visual Studio from my local MySQL database. However, every time I enter the information it tells me that the username and/or password is incorrect, which I know is false. Here is the code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using MySql.Data.MySqlClient;


namespace Dark_Heresy
{
    public partial class Form1 : Form
    {
        private MySqlConnection connection = new MySqlConnection();
        public Form1()
        {
            InitializeComponent();

        }

        private void Form1_Load(object sender, EventArgs e)
        {

        }

        private void btn_Login_Click(object sender, EventArgs e)
        {
            try
            {
                String MyConnection = "datasource = localhost; port = 3306; username = root; password = Mypass;";
                MySqlConnection MyConn = new MySqlConnection(MyConnection);
                MySqlCommand SelectCommand = new MySqlCommand("SELECT * FROM dark_heresy.users WHERE users_='"+ this.TextUserName.Text + "' and password_='"+ this.TextPassword.Text + "';", MyConn);

                MySqlDataReader MyReader;
                MyConn.Open();
                MyReader = SelectCommand.ExecuteReader();
                int count = 0;
                while (MyReader.Read())
                {
                    count = count++;
                }
                if (count == 1)
                {
                    MessageBox.Show("Connection Successful");
                }
                else if (count > 1)
                {
                    MessageBox.Show("Duplication of Username and Password... Access Denied");
                }
                else

                    MessageBox.Show("Incorrect Username and/or Password");
                MyConn.Close();


            }
            catch (Exception exp)
            {
                MessageBox.Show("Error: \r\n" + exp);
            }


        }


        }
    }

In MySQL Workbench it works; it shows me the "user" with its "password" when I make this query:

SELECT * FROM dark_heresy.users WHERE users_='admin' and password_='adminpass';

The connection works fine, it has been tested, but I always get the result "Incorrect Username and/or Password".

  • The very first thing to fix is to stop creating your SQL like this - use parameterized SQL instead. See bobby-tables.com for why. Next, stop putting your passwords in plaintext in the database. Ideally, use an authentication system that someone else has written... there really is no good reason to put your own together, and you're putting the security of your users at risk. Commented Nov 21, 2014 at 17:13
  • Oh, and for similar situations where you need a count of the number of records, look into using COUNT in your query and ExecuteScalar to execute it. Commented Nov 21, 2014 at 17:14
  • And where you don't need a count, just checking for the existence of a row, use EXISTS. Commented Nov 21, 2014 at 17:19
  • @JonSkeet Yes, I know for security reasons I should not put my own together. I started by using mysql.user where the password is encrypted, and because it told me wrong password I thought it was because it was trying to compare it with the encrypted version; that's why I just created a "test" table with users. The idea is to go back to mysql.user for security reasons. Commented Nov 22, 2014 at 13:57

1 Answer

Along with more issues in your code, your problem is

count = count++;

Postfix increment increments the count but returns its previous value.

string connectionString = "datasource = localhost; port = 3306; username = root; password = Mypass;";
// The using blocks dispose the connection and command even if an exception is thrown.
using (MySqlConnection myConn = new MySqlConnection(connectionString))
using (MySqlCommand selectCommand = new MySqlCommand())
{
    // Placeholders keep the user input out of the SQL text.
    selectCommand.CommandText = "SELECT COUNT(1) FROM dark_heresy.users WHERE users_=@User and password_=@Password";
    selectCommand.Connection = myConn;
    // Add(name, type) returns the new parameter, so its Value can be set directly.
    selectCommand.Parameters.Add("@User", MySqlDbType.VarChar).Value = TextUserName.Text;
    selectCommand.Parameters.Add("@Password", MySqlDbType.VarChar).Value = TextPassword.Text;
    myConn.Open();
    // COUNT(1) returns a single value, which ExecuteScalar reads.
    var ret = selectCommand.ExecuteScalar();
    var count = Convert.ToInt32(ret);
    if (count == 1)
    {
        MessageBox.Show("Connection Successful");
    }
    else if (count > 1)
    {
        MessageBox.Show("Duplication of Username and Password... Access Denied");
    }
    else
    {
        MessageBox.Show("Incorrect Username and/or Password");
    }
}
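
An added example (not part of the original answer or the asker's project) combining the two points raised in the comments: parameterized SQL, and a salted hash in place of the plaintext password. The columns salt_ and password_hash_, the class name and the iteration count are assumptions; it targets .NET 6 or later for Rfc2898DeriveBytes.Pbkdf2 and CryptographicOperations.FixedTimeEquals.

```csharp
using System;
using System.Security.Cryptography;
using MySql.Data.MySqlClient;

// Assumed schema (not from the page): dark_heresy.users has salt_ VARBINARY(16)
// and password_hash_ VARBINARY(32) instead of the plaintext password_ column.
static class LoginCheck
{
    const int Iterations = 600000;  // assumed PBKDF2 work factor; tune for your hardware
    const int HashBytes = 32;

    // The same derivation is run at registration (to store) and at login (to compare).
    public static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);

    public static bool Verify(string connectionString, string user, string password)
    {
        using (var conn = new MySqlConnection(connectionString))
        using (var cmd = new MySqlCommand(
            "SELECT salt_, password_hash_ FROM dark_heresy.users WHERE users_ = @User", conn))
        {
            // The user name is sent as a parameter value, never spliced into the SQL text.
            cmd.Parameters.AddWithValue("@User", user);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                {
                    // Unknown user: still spend the hashing time so the response
                    // does not reveal whether the account exists.
                    Hash(password, new byte[16]);
                    return false;
                }
                var salt = (byte[])reader["salt_"];
                var stored = (byte[])reader["password_hash_"];
                if (reader.Read())
                    return false;   // duplicate rows for one user name: deny

                // Constant-time comparison of the derived and stored hashes.
                return CryptographicOperations.FixedTimeEquals(Hash(password, salt), stored);
            }
        }
    }
}
```

The password never appears in the query at all: only the user name is looked up, and the comparison happens in the application against the stored hash.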

6 Comments

Like: when I try the code you posted I get 18 errors, like: The name 'count' does not exist in the current context and error in the line selectCommand.Text = "SELECT COUNT(1) FROM dark_heresy.users WHERE users_=@User and password_=@Password;"); also the name 'MysqlType' does not exist in the current context
I have cleaned and rebuilt the project
hehe I meant I have cleaned and rebuilt but still have the same errors @HamletHakobyan
That is true, but it is still in "SELECT COUNT(1) FROM mysql.user WHERE users_=@User and password_=@Password;"); says only assignment, call, increment, decrement, await and new object expressions can be used as a statement. and TextPassword.Text)); saying it expects a ; and Int32.Convert(ret); says 'int' does not contain definition for 'Convert'
New update. I think we are done debugging your code. But with VS it could be done much more quickly.