
I'm trying to create a login aspx page.

What am I doing wrong here?

    MySqlConnection cn = new MySqlConnection("Server=localhost;Database=securitytest; User=root;Password=sx;");

    cn.Open();
    MySqlCommand cmd = new MySqlCommand("Select * from login where username=@username and password=@password", cn);

    //Add parameters to get the username and password  

    cmd.Parameters.Add("@username", OdbcType.VarChar);
    cmd.Parameters["@username"].Value = this.Login1.UserName;

    cmd.Parameters.Add("@password", OdbcType.VarChar);
    cmd.Parameters["@password"].Value = this.Login1.Password;

    MySqlDataReader dr = default(MySqlDataReader);
    // Initialise a reader to read the rows from the login table.  
    // If row exists, the login is successful  

    dr = cmd.ExecuteReader();

    if (dr.HasRows)
    {
        e.Authenticated = true;
        // Event Authenticate is true  
    }

1 Answer

The MySql database provider uses ? to locate parameters in SQL. So, use ? instead of @ to mark your parameters in your SQL query:

    MySqlCommand cmd = new MySqlCommand("Select * from login where username=?username and password=?password", cn);

    cmd.Parameters.Add("?username", OdbcType.VarChar);
    cmd.Parameters["?username"].Value = this.Login1.UserName;

    ...

Hope this helps.


1 Comment

@Mike: I am not referring to the ODBC provider. See this link dev.mysql.com/doc/refman/5.0/es/… for the MySQL .Net Provider. There you will find a note saying: Prior versions of the provider used the '@' symbol to mark parameters. New version use ? instead.
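An added example, not part of the original question, answer or the MySQL documentation: a complete login check that binds the user name with the `?` marker described in the answer, using Connector/NET's `MySqlDbType` and disposing the connection and reader. It goes beyond the answer by verifying a salted PBKDF2 hash in code instead of matching the password inside the SQL statement; the `salt` and `pwd_hash` columns, the iteration count and the `LoginCheck` class are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using MySql.Data.MySqlClient;

public static class LoginCheck
{
    // Assumed schema (not from the page):
    //   login(username VARCHAR, salt VARBINARY(16), pwd_hash VARBINARY(32))
    private const int Iterations = 100000; // assumed PBKDF2 work factor

    // Call from the Login control's Authenticate handler, e.g.
    //   e.Authenticated = LoginCheck.Verify(connStr, Login1.UserName, Login1.Password);
    public static bool Verify(string connectionString, string userName, string password)
    {
        using (var cn = new MySqlConnection(connectionString))
        using (var cmd = new MySqlCommand(
            "SELECT salt, pwd_hash FROM login WHERE username = ?username", cn))
        {
            // The value is bound as data and never concatenated into the SQL text.
            // MySqlDbType is the type enum that belongs to MySqlCommand parameters.
            cmd.Parameters.Add("?username", MySqlDbType.VarChar).Value = userName;

            cn.Open();
            using (MySqlDataReader dr = cmd.ExecuteReader())
            {
                if (!dr.Read())
                    return false; // unknown user

                byte[] salt = (byte[])dr["salt"];
                byte[] expected = (byte[])dr["pwd_hash"];

                // Recompute the hash from the submitted password and the stored salt.
                using (var kdf = new Rfc2898DeriveBytes(
                    password, salt, Iterations, HashAlgorithmName.SHA256))
                {
                    return FixedTimeEquals(kdf.GetBytes(expected.Length), expected);
                }
            }
        }
    }

    // Compares every byte so the timing does not reveal where the hashes differ.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```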
