1

When I am debugging, my console says that my reader has no rows. Below you can find the code.

public ActionResult Login(LoginViewModel loginViewModel)
    {
        bool isSucces = false;


        if (ModelState.IsValid)
        {
            SqlConnection conn = new SqlConnection(@"Data Source=DESKTOP-9DG53HK\TOMSQL;Initial Catalog=Webshop;Integrated Security=True");
            conn.Open();

            string username = loginViewModel._username;
            string password = HashPassword(loginViewModel._username, loginViewModel._password);


            SqlCommand cmd = new SqlCommand("SELECT * FROM [User] WHERE Username = @Username and Password = @Password;", conn);
            cmd.Parameters.AddWithValue("@Username", username);
            cmd.Parameters.AddWithValue("@Password", password);


            SqlDataReader reader = cmd.ExecuteReader();

            if (reader.HasRows)
            {
                while (reader.Read())
                {
                    int Role = Convert.ToInt32(reader["Role"]);
                }
            }
            else
            {
                Console.WriteLine("No rows found.");
            }

            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataSet ds = new DataSet();
            da.Fill(ds);

            bool loginSuccessful = ((ds.Tables.Count > 0) && (ds.Tables[0].Rows.Count > 0));


            if (loginSuccessful)
            {
                //return View(new LoginViewModel(isSucces, Role));                       
            }
            else
            {
                Console.WriteLine("Invalid username or password");
            }

        }
        return View();
    }

The program skips the while loop completely. I have been searching for a while but could not find the answer. Maybe you guys see what is wrong.

11
  • Are you sure you are sending the right parameters for username and password? Can you put a breakpoint and confirm that you have the right values and your select does return data? Also, shouldn't your query put username and password as quoted strings? SELECT * FROM [User] WHERE Username = '@Username' and Password = '@Password'; Commented Apr 18, 2018 at 10:33
  • Are you sure that the query returns the actual result in the DB? Commented Apr 18, 2018 at 10:35
  • @Veljko89 username and password are having the correct values. Commented Apr 18, 2018 at 10:35
  • @Veljko89 I also tried the quoted string. Didn't work.. Commented Apr 18, 2018 at 10:38
  • 1
    @Veljko89 quoting parameters converts them to text. Parameters ensure that you never need quoting. If you need to use quoting, it means you are using string concatenation and are susceptible to SQL injection Commented Apr 18, 2018 at 10:45
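
The point made in the comments above about quoted parameters, as an added example that is not part of the original thread. It assumes an in-memory SQLite database through the Microsoft.Data.Sqlite NuGet package in place of the SQL Server instance from the question, with a constructed sample row and a placeholder hash value, and runs the same login query in its bound, quoted and concatenated forms:

```csharp
// Added example (not from the thread). Assumption: SQLite in memory via the
// Microsoft.Data.Sqlite NuGet package stands in for the SQL Server database.
using System;
using Microsoft.Data.Sqlite;

static class LoginQueryDemo
{
    // Runs a COUNT(*) login query with both parameters attached, as in the question.
    static long CountMatches(SqliteConnection conn, string sql, string user, string hash)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = sql;
        cmd.Parameters.AddWithValue("@Username", user);
        cmd.Parameters.AddWithValue("@Password", hash);
        return Convert.ToInt64(cmd.ExecuteScalar());
    }

    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        // Constructed sample row; "HASH-A" is a placeholder for a stored password hash.
        using (var setup = conn.CreateCommand())
        {
            setup.CommandText = "CREATE TABLE [User] (Username TEXT, Password TEXT, Role INTEGER);"
                + "INSERT INTO [User] VALUES ('alice', 'HASH-A', 2);";
            setup.ExecuteNonQuery();
        }

        // Bound parameters: the values travel separately from the SQL text.
        const string bound =
            "SELECT COUNT(*) FROM [User] WHERE Username = @Username AND Password = @Password;";
        // Quoted placeholders: '@Username' is now a string literal, so the query looks
        // for a user literally named "@Username" and the attached parameters go unused.
        const string quoted =
            "SELECT COUNT(*) FROM [User] WHERE Username = '@Username' AND Password = '@Password';";
        // Constructed hostile input, used to compare binding with concatenation.
        const string hostile = "' OR '1'='1";
        // Concatenation: the input becomes part of the SQL text and can change its logic.
        string concatenated = "SELECT COUNT(*) FROM [User] WHERE Username = 'alice'"
            + " AND Password = '" + hostile + "';";

        Console.WriteLine("bound, stored hash: " + CountMatches(conn, bound, "alice", "HASH-A"));
        Console.WriteLine("bound, wrong hash: " + CountMatches(conn, bound, "alice", "HASH-B"));
        Console.WriteLine("quoted placeholders: " + CountMatches(conn, quoted, "alice", "HASH-A"));
        Console.WriteLine("bound, hostile input: " + CountMatches(conn, bound, "alice", hostile));
        Console.WriteLine("concatenated, hostile input: " + CountMatches(conn, concatenated, "alice", hostile));
    }
}
```

A zero count from the bound query with known-good credentials points at the stored value differing from what the hashing routine produces, not at the query syntax.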

2 Answers

3

First of all, when you have used SqlDataAdapter, why do you need SqlDataReader? I recommend SqlDataAdapter because it also manages the connection and is a better approach than SqlDataReader. There are many things you have to follow up on with SqlDataReader, which are Reader.Close(), Reader.Dispose(), Connection.Open() and Connection.Close(), and Reader most likely fails on multiple hits when it is not async.

You can simply execute your code like this:

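// cmd is the parameterized SqlCommand built in the question
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
int Role = 0;
bool loginSuccessful = false;
// Make sure a table came back before indexing into it
if (ds != null && ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0)
{
  // First matching row carries the user's role
  Role = Convert.ToInt32(ds.Tables[0].Rows[0]["Role"]);
  loginSuccessful = true;
}
else
{
  // No rows found
}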

Secondly (answering your actual question): there must be no match with the passed parameters, therefore 0 rows.


2 Comments

He says that the ds.tables[0].rows.count > 0 in the if statement is 0?
@Bogatom the real question is why are you writing this insecure code instead of using MVC's authentication?
0

Are you positive that you are receiving data from your SELECT query? Try replacing it with a query such as:

SELECT * FROM Users WHERE id = 1;

I would also replace your if reader.HasRows with a simple try/catch as more comprehensive error handling.
