0

Basically what I'm trying to achieve is the following:-

I have a text box field with a value. I want to check this value against the value in the SQL Server database; if there's a match, then do a particular task.

This is what I have so far:

SELECT        userID, username , password
FROM           Users
WHERE        (username = textboxUsername.text) AND (password = textboxPassword.text

But it doesn't seem to work for me, I think I'm almost doing it correctly?

Also, would I be better off using a data set or just a bog standard SQL command, as there will be other queries to be carried out?

Many thanks

2 Answers

1

Expanding a little on mazzucci's answer:

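// Requires: using System.Data.SqlClient;
using (var con = new SqlConnection("connection string"))
{
    con.Open();
    // Pass the connection to the command; without it the command cannot execute.
    var cmd = new SqlCommand(@"SELECT userID, username, password FROM Users WHERE (username = @username) AND (password = @password)", con);
    cmd.Parameters.AddWithValue("@username", textboxUsername.Text);
    cmd.Parameters.AddWithValue("@password", textboxPassword.Text);

    // ExecuteNonQuery returns -1 for a SELECT. ExecuteScalar returns the first
    // column of the first row (userID), or null when no row matches.
    if (cmd.ExecuteScalar() != null)
    {
        //They were the same
    }
}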

However, consider that whatever you're doing looks fairly dangerous. I think Eric Lippert has made more than a few posts on SO about the dangers of passwords and authentication stuff in general.

Such as this one: Does salt need to be random to secure a password hash?


1 Comment

I also seem to get a return value of -1 regardless of a match or not? Should I not be using the .ExecuteScalar() method?
1

You need to create the query using the values from the textboxes.

You can do this with named parameters, for example, to ensure values are escaped properly:

SqlCommand cmd = new SqlCommand();
cmd.CommandText = @"SELECT        userID, username , password
FROM           Users
WHERE        (username = @username) AND (password = @password)";

cmd.Parameters.AddWithValue("@username", textboxUsername.Text);
cmd.Parameters.AddWithValue("@password", textboxPassword.Text);
...

1 Comment

I'm trying to do this using the SQLCommand Control from the tool box but still having problems
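Building on both answers (the parameterized query and the warning about password handling), this is an added example, not code from either answerer: it looks the user up by name with a typed parameter and verifies a salted PBKDF2 hash in code instead of comparing a plaintext password in SQL. The `passwordSalt` and `passwordHash` VARBINARY columns, the INT `userID`, the iteration count and the `LoginCheck` class are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class LoginCheck
{
    // Assumed for this example: PBKDF2-HMAC-SHA256 with a 32-byte output.
    const int Iterations = 600000;
    const int HashBytes = 32;

    // Returns the userID on a match, or null when the user is unknown or the password is wrong.
    public static int? VerifyLogin(string connectionString, string username, string password)
    {
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT userID, passwordSalt, passwordHash FROM Users WHERE username = @username", con))
        {
            // Typed parameter: the textbox value travels as data, never as part of the SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = username;
            con.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                    return null; // no such user
                int userId = reader.GetInt32(0);      // assumes userID is INT
                byte[] salt = (byte[])reader[1];      // assumes NOT NULL VARBINARY
                byte[] stored = (byte[])reader[2];    // assumes NOT NULL VARBINARY
                return FixedTimeEquals(stored, Derive(password, salt)) ? userId : (int?)null;
            }
        }
    }

    // PBKDF2 over the submitted password with the per-user salt read from the row.
    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Compare every byte so the loop does not stop at the first difference.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Call it as `LoginCheck.VerifyLogin(connectionString, textboxUsername.Text, textboxPassword.Text)` and treat a null result as a failed login.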
