Login error based on SQL server

Question

everytime i key-in the username and password even if it is in the database it says invalid login details. IS the sql code correct? The registration part is correct but when it comes to login there will always be an error

private void button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("Data Source=DESKTOP-CJGIQ74;Initial Catalog=Login;Integrated Security=True");
        con.Open();

        string newcome = "SELECT Name FROM register WHERE Name='" + textBox1.Text + "'and Password='" + textBox2.Text + "'";

        SqlDataAdapter adp = new SqlDataAdapter(newcome, con);
        DataSet ds = new DataSet();
        adp.Fill(ds);
        DataTable dt = ds.Tables[0];

        if (dt.Rows.Count>=1)
        {
            settext = textBox1.Text;
            Admin_Main_Page AdminMainForm = new Admin_Main_Page();
            AdminMainForm.Show();
            this.Hide();
        }
        else
        {
            label4.Text = "Invalid Login Details";
        }

Some tips: Don't use string concatenation when constructing SQL queries, it makes your code vulnerable to SQL injection attacks: use parameters. Also `SqlConnection` and `SqlDataAdapter` are both `IDisposable` so each should be in a `using` block. [Edit] your question to add tags like 'sql' and the particular flavour of sql that you are using. — Richardissimo, Jul 18 '18 at 05:40
Possible duplicate of [What are good ways to prevent SQL injection?](https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection) — mjwills, Jul 18 '18 at 05:42
What is the value of `textBox1.Text`? `textBox1.Text.Length`? `textBox2.Text`? `textBox2.Text.Length`? Are you **100% sure** you are connected to the right database? — mjwills, Jul 18 '18 at 05:43
`there will always be an error` What is the error? Which line throws it? — mjwills, Jul 18 '18 at 05:44
Are you sure that you have a record with the specified username and password in the table? — Chetan, Jul 18 '18 at 06:31
Yes im connected to the right database, and entering the exact data in the database and still give me invalid data entered. I will try using parameters instead of this — Sayed Ali Alwedaei, Jul 18 '18 at 18:31
Update: The teacher told me that i have to make While statement with IF statement inside to verify Name and password any ideas? and for (ds.Tables[0].Rows.Count > 0) i need to change the row/column number as i have in my database Name,Contact,Email,Address,Password,CreditCard not only Name and Password — Sayed Ali Alwedaei, Jul 19 '18 at 02:59

score -1 · Answer 1 · answered Jul 18 '18 at 05:43

-1

can you try this !

SqlDataAdapter adp = new SqlDataAdapter();
DataSet ds = new DataSet();
adp.SelectCommand = new SqlCommand("Your SQL Statement Here", con);
adp.Fill(ds);
con.Close();
if (ds.Tables[0].Rows.Count  > 0)
{
    settext = textBox1.Text;
    Admin_Main_Page AdminMainForm = new Admin_Main_Page();
    AdminMainForm.Show();
    this.Hide();
}
else{
   label4.Text = "Invalid Login Details";
}

answered Jul 18 '18 at 05:43

VNirav

64
6

Thanks for your contribution man. Still it give me Invalid Login Details – Sayed Ali Alwedaei Jul 18 '18 at 18:28

Login error based on SQL server

1 Answers1

Linked