So basically I am creating a login system using C#.NET and MS Access. I am using a class to deal with all the connections, but basically the username and password values are passed to the method in the connection class and I am trying to check the credentials from the text boxes against the database.

Problem is, when I use ExecuteNonQuery it allows any credentials to be entered even if they are not in the database.

I am currently using ExecuteReader and checking whether the reader is returning true. Problem is it always returns false even when the credentials that are entered are present in the database. I have no idea what is wrong.

    public static bool adminLoginIn(string user, string password) //method to allow the admin to log in to the admin panel
    {
        OleDbConnection myConnection = GetConnection(); //calls the connection method which returns database connection string
        string myQuery = "SELECT * FROM Staff WHERE Username = '" + user + "' AND Password = '" + password + "'";
        OleDbCommand myCommand = new OleDbCommand(myQuery, myConnection);

        try
        {
           myConnection.Open(); //open the database connection
           OleDbDataReader dr = myCommand.ExecuteReader(); 

           if (dr.Read())
           {
               return true;
           }
           else
           {
               return false;
           }

        }

        catch (Exception ex)
        {
            return false;
        }
        finally
        {
            myConnection.Close(); //close the database connection
        }

    }
Roddy
J.Proud

1 Answer

If it's always returning false no matter what, checking your catch statement is a prime suspect: if your code is raising an exception you're swallowing it and returning false.

Remove the try/catch and replace it with a using (and apply it to the other IDisposables, too).

Community
Albireo
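
The answer's suggestion applied to the question's method, as an added example that is not part of the original answer: `using` blocks replace the try/catch so a database error surfaces instead of becoming `false`, and the concatenated query becomes a parameterized one so the text-box values are never parsed as SQL. `GetConnection()` here is a stand-in with a constructed connection string; the `Staff` table and its columns are taken from the question.

```csharp
using System;
using System.Data.OleDb;

public static class StaffLogin
{
    // Stand-in for the question's GetConnection(); the connection string
    // is constructed for this example and must point at a real database file.
    private static OleDbConnection GetConnection()
    {
        return new OleDbConnection(
            @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\data\example.accdb");
    }

    public static bool AdminLogIn(string user, string password)
    {
        // [Password] is bracketed because PASSWORD is a reserved word in Access SQL.
        // OleDb parameters are positional: each ? is bound in the order the
        // parameters are added, and the names given below are only labels.
        const string query =
            "SELECT COUNT(*) FROM Staff WHERE Username = ? AND [Password] = ?";

        // using disposes the connection and command even when an exception is thrown,
        // which replaces the finally block from the question.
        using (OleDbConnection connection = GetConnection())
        using (OleDbCommand command = new OleDbCommand(query, connection))
        {
            // Values travel as typed parameters, so quotes or SQL keywords typed
            // into the text boxes are compared as data and never executed.
            command.Parameters.Add("@user", OleDbType.VarWChar, 255).Value = user;
            command.Parameters.Add("@password", OleDbType.VarWChar, 255).Value = password;

            connection.Open();

            // No catch block: an OleDbException (bad SQL, missing file, locked
            // database) reaches the caller instead of looking like a failed login.
            int matches = Convert.ToInt32(command.ExecuteScalar());
            return matches > 0;
        }
    }
}
```

The comparison still depends on the question's schema, where the `Password` column holds the value the user types; nothing in this example changes how the password is stored.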