Click here to Skip to main content
15,896,915 members
Search within:


Why is this code not working?
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C#
ASP.NET
I'm using this code on Login button but it doesn't get the value from the table and login the user. Every time the else part is executing.

protected void ulogin_Click(object sender, EventArgs e)
   {
       SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString);
       con.Open();
       SqlDataAdapter sda = new SqlDataAdapter("Select * from registration where username='" + username + "' and password='" + password + "'",con);
       DataSet ds = new DataSet();
       sda.Fill(ds);

       int c=0;
       foreach(DataRow dr in ds.Tables[0].Rows)
       {
           c++;
       }
       con.Close();
       try
       {
           if (c > 0)
           {
               Response.Redirect("default.aspx");

           }
           else
           {
               invalidpassuname.Visible = true;
               username.Text = password.Text = "";
                           }
       }
       catch (Exception ex)
       {

       }
   }


Here invalidpassuname is a hidden label.
Posted
Add a Solution

7 solutions

First check by executing your Query in SQl Query-Analyzer(Editor) by passing same UserName and Password. Check does it returns any records.

Secondly you need not to have foreach loop for Total count of DataRows. Simply use as below code.
C#
int c = 0;

if (ds.Tables[0] != null)
{
  c = ds.Tables[0].Rows.Count;
}
 
Share this answer
 
Posted
Comments
Uday P.Singh 6-Nov-11 12:34pm    
have a 5!
RaisKazi 6-Nov-11 12:56pm    
Thank you Uday. :)
thatraja 6-Nov-11 13:28pm    
5!
RaisKazi 6-Nov-11 21:28pm    
Thank you Raja. :)
Apart from the answer of Raiskazi I would suggest to use Parameterized query to avoid SQL injection[^] attacks.
 
Share this answer
 
Posted
Comments
RaisKazi 6-Nov-11 13:06pm    
A valid security advice. 5ed
Uday P.Singh 6-Nov-11 14:15pm    
thanks RaisKazi :)
Raiskazi's way is better. But what you did should also give correct output.
Check,

C#
if(ds.Tables[0].Rows.Count !=0)


In your case it should be zero.

Regards.
 
Share this answer
 
Posted
Comments
RaisKazi 6-Nov-11 13:07pm    
I wouldn't vote, But your code may throw an error in case ds.Tables[0] is null.
You are using two global variable:username and password

check whether in page load you are assigning them to blank or not.

if yes then you should not do that or do like below. you should have knowledge about asp.net page life cycle.

if(!IsPostbask)
{
      username="";
      password="";
}

because without this if you will try to assign variables then every time on post back they will get reassign to black.

i think it will help you.
 
Share this answer
 
Posted
Updated 6-Nov-11 19:23pm
v2
except check the for loop you can directly check like this :-
C#
if(ds.tables[0].rows.count>0)
{
Response.Redirect("Default.aspx");
}
else
{
Label1.text="User Name and Password Incorrect";
}

//
If You Want to Work With Your Coading Then
I thin You have to declare your variable "c" globally.
 
Share this answer
 
Posted
Updated 6-Nov-11 22:17pm
v2
You have missed there to check table.

protected void ulogin_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString);
        con.Open();
        SqlDataAdapter sda = new SqlDataAdapter("Select * from registration where username='" + username + "' and password='" + password + "'", con);
        DataSet ds = new DataSet();
        sda.Fill(ds);

        int c = 0;
        if (ds.Tables.Count > 0)
        {
            foreach (DataRow dr in ds.Tables[0].Rows)
            {
                c++;
            }

        }
        con.Close();
        try
        {
            if (c > 0)
            {
                Response.Redirect("default.aspx");

            }
            else
            {
                invalidpassuname.Visible = true;
                username.Text = password.Text = "";
            }
        }
        catch (Exception ex)
        {

        }
    }
 
Share this answer
 
Posted
Updated 6-Nov-11 22:10pm
v2
//You can try this. don't worry about postback effect(like variable losses values)
// and also check the dataSet contains a data or not


protected void ulogin_Click(object sender, EventArgs e)
   {
       SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString);
       con.Open();
       SqlDataAdapter sda = new SqlDataAdapter("Select * from registration where username='" + username.text + "' and password='" + password.text + "'",con);
       DataSet ds = new DataSet();
       sda.Fill(ds);

       int c=0;
       if(ds.Tables[0].Rows.Count > 0)
       foreach(DataRow dr in ds.Tables[0].Rows)
       {
           c++;
       }
       con.Close();
       try
       {
           if (c > 0)
           {
               Response.Redirect("default.aspx");

           }
           else
           {
               invalidpassuname.Visible = true;
               username.Text = password.Text = "";
                           }
       }
       catch (Exception ex)
       {

       }
   }
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 7 Nov 2011
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900