1

I am working with C# (visual studio 2012 professional) and Mysql . I trying to create a login form, where a user needs to insert the username and password: 

    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using System.Windows.Forms;
    using MySql.Data.MySqlClient;


    namespace Dark_Heresy
    {
        public partial class Login_Menu : Form
        {
            private MySqlConnection connection = new MySqlConnection();
            public Login_Menu()
            {
                InitializeComponent();
                TextPassword.PasswordChar = '*';
            }

            private void Form1_Load(object sender, EventArgs e)
            {

            }

            private void btn_Login_Click(object sender, EventArgs e)
            {
                try
                {
                string connectionString = "datasource = localhost; port = 3306; username = root; password = Mypass;";
                using(MySqlConnection myConn = new MySqlConnection(connectionString))
                 using(MySqlCommand selectCommand = new MySqlCommand())
                    {
                    selectCommand.CommandText = ("SELECT COUNT(1) FROM dark_heresy.users WHERE users_=@User and password_=@Password;");
                    selectCommand.Connection = myConn;
                    selectCommand.Parameters.Add(new MySqlParameter("User", MySqlDbType.VarChar).Value = TextUserName.Text);
                    selectCommand.Parameters.Add(new MySqlParameter("Password", MySqlDbType.VarChar).Value = TextPassword.Text);
                    myConn.Open();
                    var ret = selectCommand.ExecuteScalar();
                    var count = Convert.ToInt32(ret);
                    if (count == 1)
                         {                  
                            this.Hide();
                            Menu mn = new Menu();
                            mn.ShowDialog();
                         }
                    else if (count > 1)
                         {
                            MessageBox.Show("Duplication of Username and Password... Access Denied");
                         }
                    else
                         {
                            MessageBox.Show("Incorrect Username and/or Password");
                         }
                    }


                }
                  catch (Exception exp)
                         {
                    MessageBox.Show("Error: \r\n" + exp); 
                          }

                }
            }
        }

I don't get any syntax errors, but when i run this code i recieve this error:

MySql.Data.MySqlClient.MySqlException(0x80004005):
Only MySqlParameter objects may be stored at MySql.Data.MySqlClient.MySqlParameterCollection.Add(Object value)
at Dark_Heresy.Login_Menu.btn_Login_Click(Object sender, EventArgs e)

I know for security reason is it a better idea to use mysql.user table instead of dark_heresy.users table for user check, but right now is for testing purpose. What is wrong with the code? it says there is an error in line 39

Improve this question

1 Answer 1

Reset to default
1

I think your parameter syntax is wrong.

= operator returns the right side value also instead of just assigning. That's why;

new MySqlParameter("User", MySqlDbType.VarChar).Value = TextUserName.Text;

expression returns TextUserName.Text as a value and your parameter part will be like;

selectCommand.Parameters.Add(TextUserName.Text);

The right syntax seems;

selectCommand.Parameters.Add("@User", MySqlDbType.VarChar).Value = TextUserName.Text;
selectCommand.Parameters.Add("@Password", MySqlDbType.VarChar).Value = TextPassword.Text;

And please, don't store your passwords as a plain text.

Read: Best way to store password in database

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I will have look into, as i described earlier, this is only for testing purpose, after that i will handle the security

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.