0

Login password injection is not working - how to implement in my project?

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    SqlConnection con = new SqlConnection(@"Data Source=DESKTOP-G9SO8KA;Initial Catalog=coolege;Integrated Security=True");
    string qry="select * from tblstudent where Email='"+Login1.UserName+"'and Password='"+Login1.Password+"' ";
    adpt = new SqlDataAdapter(qry,con);
    dt = new DataTable();
    adpt.Fill(dt);

    if (dt.Rows.Count >= 1)
    {
        Response.Redirect("index.aspx");
    }
}
Improve this question
4
  • This is a badly worded question. Please provide some more information. How is it not working? What are you trying, What error messages are you getting Commented Feb 28, 2020 at 11:05
  • 2
    Please say this isn't production code, it's massively vulnerable to SQL injection, please use the SqlCommand with parameters. Else this obligatory XKCD will happen to you Commented Feb 28, 2020 at 11:05
  • What do you mean by password injection ? Do you mean dependency injection ? Side note, use parameters in your query, otherwise, your code is open to SQL Injection ! Commented Feb 28, 2020 at 11:05
  • This is not ASP.NET MVC 5, it's WebForms. Also: sql injection == troubles, use parameters. Commented Feb 28, 2020 at 11:13

1 Answer 1

Reset to default
1

Two things:

  1. Don't use concatenate strings on your sql query. Use SQL parameters
  2. You are not opening the connection

Try like:

SqlConnection con = new SqlConnection(@"Data Source=DESKTOP-G9SO8KA;Initial Catalog=coolege;Integrated Security=True");
string qry="select * from tblstudent where Email='@name and Password=@pass";
adpt = new SqlDataAdapter(qry,con);
adpt.SelectCommand.Parameters.Add("@name", SqlDbType.NVarChar).Value = Login1.UserName;
adpt.SelectCommand.Parameters.Add("@pass", SqlDbType.NVarChar).Value = Login1.Password;
con.Open();
...
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.