Click here to Skip to main content
15,885,941 members
Search within:


chk database table password with textbox entered password
Please Sign up or sign in to vote.
0.00/5 (No votes)
C#
con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
            da = new SqlDataAdapter("select password from login_master where username='"+TextBox1.Text+"'",con);
            ds = new DataSet();
            da.Fill(ds, "login_master");
            DataTable dt = new DataTable();
            dt = ds.Tables[0];


//here i have to chk database table password with textbox entered password in disconnected architecture


How can i do that......



Thanks in advanced
Posted
Updated 20-Dec-11 0:06am
v2
Add a Solution
Comments
Karthik Harve 20-Dec-11 6:07am    
[Edit] pre tags added.

8 solutions

write one function frmValidate() return type as boolean call this function in your button click code in If condition. In this function you have to check the entered value in the textbox is valid or not. code are as given below.
// write this after button click

VB
if FrmValidate() Then
  // show ur next e.g frmMDI.show()
  End if

/*This is your function to check the entered value in the textbox is valid or not if not then it will display messagbox.*/

Private Function FrmValidate() As Boolean
 Dim str, UserName,Password As String
  UserName=ds.Tables("login_master").Rows(0).Item("username")
  Password= ds.Tables(("login_master").Rows(0).Item("password")

if Not TextBox1.text = UserName.Trim Or Not
   TextBox2.text = Password.Trim Then
  str = "Invalid Password or Username.....Try Again."
  MsgBox(str,MsgBoxStyle.Information+vbOKOnly, "Incorrect password or username")
  TextBox1.Clear()
  TextBox2.Clear()
  Return False
End If
Return True
End Function



Hope this will help you .
Thanks & Regards
Farukh
 
Share this answer
 
Posted
Updated 20-Dec-11 1:56am
v2
Try this,


C#
con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
        con.open();
        string sql = "select * from login_master where username='"+TextBox1.Text + "'";
        cmd = new SqlCommand(sql, conn);
        da = new SqlDataAdapter(cmd);
        ds = new DataSet();
        da.Fill(ds, "login_master");
    if (ds.Tables[login_master].Rows[0]["password "].ToString()== TextBox2.Text.ToString())
        {
            string url = "Default2.aspx";
            Response.Redirect(url);
        }
    else
        {
            Response.Write("<script>alert('Invalid password');</script>");
        }
 
Share this answer
 
Posted
Updated 20-Dec-11 0:58am
v3
VB
con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
            da = new SqlDataAdapter("select password from login_master where username='"+TextBox1.Text+"'",con);
            ds = new DataSet();
da.selectcommand=cmd;
            da.Fill(ds, "login_master");
            DataTable dt = new DataTable();
            dt = ds.Tables[0].rows[0];
if(dt.table[0].rows[0]>0)
{
  if(textbox1.text !=dt.table[0].row[0].coloums["password"])
{
response.write("incorrect password");
}
}
 
Share this answer
 
Posted
As Griff says, you have left yourself wide open to a SQL Injection attack here. You really should look at using parameters in your query, rather than using text placement.

The traditional method for password verification requires that you have strengthened up your password a bit. You should never store the password as clear text - that's just begging a hacker to break into your database and steal login information.

Instead, you encrypt the users password using a random salt value which you would save alongside the encrypted password. Now, all you need to do is retrieve the user based off the username, encrypt the password with the salt you saved against that user, and compare the computed password with the stored password. If you get a match, the user has been verified.
 
Share this answer
 
Posted
Comments
[no name] 20-Dec-11 7:37am    
thats a demo application not live project..
Pete O'Hanlon 20-Dec-11 7:49am    
You have also been given a bit of a bum steer. You should never tell a user that it was an Invalid password. If you do that, you've just told somebody that the user name is valid, they only need to guess the password now. Even when you are writing a demo app, you really should consider the security side just so it becomes second nature to you.
RaisKazi 20-Dec-11 9:44am    
My 5.
Hi Nikhil,
Login Page in asp.net[^]
 
Share this answer
 
Posted
Please don't do it like that.
There are two reasons:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
C#
con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
da = new SqlDataAdapter("select password from login_master where username=@UN",con);
da.SelectCommand.Parameters.AddWithValue("@UN", TextBox1.Text);

2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

[edit]Missed a closing quote - OriginalGriff[/edit]
 
Share this answer
 
Posted
Updated 20-Dec-11 0:27am
v2
Comments
Pete O'Hanlon 20-Dec-11 7:23am    
Added my 5 to compensate for the 1 vote. Can't really see why it was uni-voted.
RaisKazi 20-Dec-11 9:44am    
My 5.
string strQuery = " select password from login_master where username="+TextBox1.Text";
string strConnection =ConfigurationManager.ConnectionStrings("ConnectionString");
 SqlConnection sqlConn = new SqlConnection(strConnection);
 SqlCommand sqlComm = new SqlCommand(strQuery,sqlConn);
            SqlDataAdapter sqa= new SqlDataAdapter(sqlComm);
 
Share this answer
 
Posted
Updated 20-Dec-11 1:56am
v3
i want in disconnected architecture.....
 
Share this answer
 
Posted
Comments
André Kraak 20-Dec-11 6:44am    
If you have a question about or comment on a given solution use the "Have a Question or Comment?" option beneath the solution. When using this option the person who gave the solution gets an e-mail message and knows you placed a comment and can respond if he/she wants.

Please move the content of this solution to the solution you are commenting on and remove the solution.
Thank you.
anushripatil 20-Dec-11 6:51am    
string strConnection =ConfigurationManager.ConnectionStrings("ConnectionString");
HERE u can do a split
string strSplitConn=strConnection.split(';')
if(txtPassword.text==strSplitConn[3])
{
//here ur code
}
anushripatil 20-Dec-11 6:52am    
a
[no name] 20-Dec-11 6:55am    
u have not get my point anushri...

i have to chk fetch password from database with entered password int extbox in disconnected architecture,,,,,
anushripatil 20-Dec-11 23:57pm    
1)do u have ur pwd in connection string or it is coming from one of the table in db ???
If its in connection string u can do the split as mentioned earlier, if its coming from db u can get it using DataSet & then u can find if thats matching with ur txtbox value.& then go ahead with ur code
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
how to detect password based on department using textboxes in asp.net
How to update password and keep the record of current password in another table
import password to table
How to Retieve the data from SqlServer Database Table when value entered in Textbox.
Datatable page was not loaded and not able yo retrive the username & password .
Need to display password automatically in password textbox
Forget Password in asp.net
password insertion in sql2005 through asp.net table
Avoiding dictionary words in the password
Updating a password in c#

Advertise
Privacy
Cookies
Terms of Use
Last Updated 20 Dec 2011
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900