SQL to C# Login query

Ameer Adel · Feb 14, 2012 · Viewed 14.3k times

Hi, I searched a lot about this subject and I can't seem to understand most of the coding done by the users. I'm good with the 'Borland C++ Builder' and have good experience with it, but I can't seem to get to the bottom of MSVS C# 2008. Anyhow, my problem is with the login SQL query, if that's the correct name for it; it seems that none of the solutions I searched for and found work at all. Here's part of my code:

using System.Data.Sql;
using System.Data.SqlClient;

namespace DMSTestLoginForm
{
public partial class Form1 : Form
{
    public Form1()
    {
        InitializeComponent();
    }

    private void Form1_Load(object sender, EventArgs e)
    {
        string connection = @"Data Source=.\SQLExpress;AttachDbFilename=|Data Directory is all set and ready to go|.mdf;Integrated Security=True;User Instance=True";
        SqlConnection con = new SqlConnection(connection);

        try
        {
            con.Open();
            //MessageBox.Show("Connection Successful");
        }
        catch (Exception)
        {
            //MessageBox.Show("Did not connect"); // connection is successful, the issue is down below.
        }
    }

    private void lgnbtn_Click(object sender, EventArgs e)
    {
        string dummyun = uninput.Text;
        string dummypw = pwinput.Text;
        SqlCommand dummy1 = new SqlCommand("SELECT * FROM nurse WHERE n_id ='"+uninput.Text+"'");
        SqlCommand dummy2 = new SqlCommand("SELECT * FROM nurse WHERE n_pw = '"+pwinput.Text+"'");
        string dum = Convert.ToString(dummy1);
        string dum2 = Convert.ToString(dummy2);
        if((dum==dummyun)&&(dum2==dummypw))
            MessageBox.Show("Welcome in");        //this message is to test if i logged in or not.
            //Form2 Loggedin = new Form2;
            //Loggedin.Show();
       else
            MessageBox.Show("Login failed"); 

    }

The problem is not with my connection string; it's actually, as I mentioned above, with the SQL query to check whether the username/password exist in my DB table, which is "nurse", or not. I know I created lots of "string" instances, but I reached a desperate situation and will be very thankful to the solution provider(s). Thanks in advance.

Answer

Ravi Gadag · Feb 14, 2012

You need to execute your SqlCommand object with a DataReader, and try to use parameterized queries. SqlDataReader

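private void lgnbtn_Click(object sender, EventArgs e)
{
    string dummyun = uninput.Text;
    string dummypw = pwinput.Text;

    // Assumes the connection string from Form1_Load is kept in a class-level
    // field named "connection" so that this handler can reach it.
    using (SqlConnection con = new SqlConnection(connection))
    using (SqlCommand StrQuer = new SqlCommand("SELECT * FROM nurse WHERE n_id=@userid AND n_pw=@password", con))
    {
        // The user input is passed as parameter values, never as SQL text.
        StrQuer.Parameters.AddWithValue("@userid", dummyun);
        StrQuer.Parameters.AddWithValue("@password", dummypw);

        con.Open();
        using (SqlDataReader dr = StrQuer.ExecuteReader())
        {
            if (dr.HasRows)
            {
                MessageBox.Show("loginSuccess");
            }
            else
            {
                // invalid login
            }
        }
    }
}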
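An added example, not part of the original answer or the asker's project: a small console program that needs no database and shows why the question's comparison can never succeed and how the concatenated query differs from the parameterized one. The class name, the sample id and password, and the NVarChar(50) column type are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQueryDemo
{
    // Question's approach: user input is spliced into the SQL text itself.
    static SqlCommand BuildConcatenated(string userId)
    {
        return new SqlCommand("SELECT * FROM nurse WHERE n_id ='" + userId + "'");
    }

    // Answer's approach: the SQL text is constant and input travels as typed parameters.
    // NVarChar(50) is an assumed column type; match it to the real nurse table.
    static SqlCommand BuildParameterized(string userId, string password)
    {
        var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM nurse WHERE n_id = @userid AND n_pw = @password");
        cmd.Parameters.Add("@userid", SqlDbType.NVarChar, 50).Value = userId;
        cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: a legitimate id that happens to contain an apostrophe.
        string userId = "O'Brien";
        string password = "example-password";

        using (SqlCommand concat = BuildConcatenated(userId))
        using (SqlCommand param = BuildParameterized(userId, password))
        {
            // Converting the command object to a string gives its type name, not a
            // query result, so the question's comparison can never match the input.
            Console.WriteLine(Convert.ToString(concat));

            // The apostrophe ends the string literal early, so the server would see broken SQL.
            Console.WriteLine(concat.CommandText);

            // The parameterized text is the same for every input.
            Console.WriteLine(param.CommandText);
            foreach (SqlParameter p in param.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
        }
    }
}
```

Against a real database, assign an open SqlConnection to the parameterized command and call ExecuteScalar; a count greater than zero means the id and password pair matched a row.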