The number of things wrong with this... :sigh:
Let's start with the ones you don't know about!
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is really important at all times, but for a login form it's absolutely vital, as it means the user doesn't even have to be logged in to destroy your database...he can do it by typing in the "username" textbox!
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.[
^]
3) Never use the "sa" user in SQL: he has full permissions and is the default when SQL server is installed. So he is the first user anyone tries in order to steal or damage data. Set up a user which has just enough permission for your app to work, and use that instead. At the very minimum, change the damn password!
4) You will never see anything happen on your progress bar, because it's on the same thread - and it will only get displayed when the click event handler exits.
5) SqlConnection, SqlCommand, and so forth are scarce resources - you need to dispose of them properly when you are finished, or your app will crash when it runs out.
A
using block is the best way as it disposes of teh resource when teh object goes out of scope.
Now the one you noticed!
Look at the error message:
ExcuteReader:Connction Proprty has not been initialized
Now look at your code:
SqlConnection con = new SqlConnection("...");
SqlCommand cmd=new SqlCommand("Select ...");
SqlDataReader dr=cmd.ExecuteReader();
You don't pass the SqlConnection to the SqlCommand!
Try:
using (SqlCommand cmd=new SqlCommand("Select ...", con))
{
...
}And one other thing: Open the connection before you try to use it!
Submit an article or tip