condition for selecting value from any row of a table

Question

0.00/5 (No votes)

See more:

hi to all,
i am working on login form having two labels name customer id and password.
what i want is when i enter customer id and password in textboxes, and click on login button, customer id and password will be selected from any row of my table name customer_detail and when i apply condition, messagebox show "login is successful".
i applied following coding for selecting one row as shown below :

private void btnlog_Click(object sender, EventArgs e)
        {         
            cmd = new SqlCommand("select userid,password from customer_details where userid='" + txtcustid.Text + "'", con);
            
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataSet ds = new DataSet();
            da.Fill(ds);
            string custid;
            string password;
            custid = ds.Tables[0].Rows[0][0].ToString();
            password = ds.Tables[0].Rows[0][1].ToString();
            if (custid == txtcustid.Text && password == txtpswd.Text)
            {
                MessageBox.Show("login successful");
                this.Hide();
                product_at_warehouse thirdform;
                thirdform = new product_at_warehouse();
                thirdform.Show();
            }
            else
            {
                MessageBox.Show("login failed: Enter valid username or password");
            }
            
           
               // cmd.ExecuteNonQuery();
            
            }

please help me out of this.
kudos
neaS

Posted 1-Aug-11 21:39pm

neeraj24may

Updated 1-Aug-11 21:41pm

Toniyo Jackson

v2

Add a Solution

Comments

Toniyo Jackson 2-Aug-11 3:44am

Now, what is the problem/error?

RaisKazi 2-Aug-11 3:44am

What is the Error/Problem you are facing in this?

5 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Kim Togo · Answer 1 · 2011-08-01T21:52:00

There are some problems with the code.

If the SELECT statement does not find any rows. An Null exception will be thrown when you access the DataSet under

C#

custid = ds.Tables[0].Rows[0][0].ToString();

Replace DataSet with DataTable, and do a check on the DataTable.Rows.Count[^] to see if there are any rows returned in the SELECT statement.

Use SqlParameter and stop creating SQL strings like the one you do now.
See Give me parameterized SQL, or give me death[^].

Syed Salman Raza Zaidi · Answer 2 · 2011-08-01T21:49:00

Try this

private void btnlog_Click(object sender, EventArgs e)
        {         
            cmd = new SqlCommand("select userid,password from customer_details where userid='" + txtcustid.Text + "' and password='"+txtpwd.Text+"'", con);
            
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataSet ds = new DataSet();
            da.Fill(ds);
            string custid;
            string password;
            custid = ds.Tables[0].Rows[0][0].ToString();
            password = ds.Tables[0].Rows[0][1].ToString();
            if (custid == txtcustid.Text && password == txtpswd.Text)
            {
                MessageBox.Show("login successful");
                this.Hide();
                product_at_warehouse thirdform;
                thirdform = new product_at_warehouse();
                thirdform.Show();
            }
            else
            {
                MessageBox.Show("login failed: Enter valid username or password");
            }
            
           
               // cmd.ExecuteNonQuery();
            
            }

OriginalGriff · Answer 3 · 2011-08-01T21:53:00

There are a whole load of things wrong here: The first being "do not concatenate your strings". Google for "Sql Injection Attack" and then change to parametrized queries before you accidentally or deliberately destroy your database.

Second: Dont store your passwords in text. There is a Tip here which describes a better way: Password Storage: How to do it.[^]

Third: Why are you returning the customer ID in your SELECT statement, when you only ask for the values which match it?
Isn't the test

C#

if (custid == txtcustid.Text && password == txtpswd.Text)

kinda rendundant?

Fourth: What problem are you having?

neeraj24may · Answer 4 · 2011-08-01T23:53:00

hey i tried stored procedure rather than selecting value directly fron sql table but i m still not able to apply the condition.this is my code now

con.Open();

cmd = new SqlCommand("selectcust", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@userid", SqlDbType.VarChar).Value = txtcustid.Text;
cmd.Parameters.Add("@password", SqlDbType.VarChar).Value = txtpswd.Text;
SqlDataReader reader = cmd.ExecuteReader();
con.Close();

if (txtcustid.Text== "@userid"&& txtpswd.Text=="@password")
{
MessageBox.Show("login successful");
this.Hide();
product_at_warehouse thirdform;
thirdform = new product_at_warehouse();
thirdform.Show();
}
else
{
MessageBox.Show("login failed: Enter valid username or password");
}

}
here selectcust is my stored procedure name. when ever i enter correct username and password, it always show message invalid username or passwd. i checked by putting debugger,my value are never null.
what is wrong with coding.
lease do help me

mahesh__kumar__sharma · Answer 5 · 2011-08-02T06:56:00

Instead of using "SqlDataReader reader = cmd.ExecuteReader();"
fill data table

using (SqlDataReader myReader = myCommand.ExecuteReader())
{
DataTable myTable = new DataTable();
myTable.Load(myReader);
con.Close();

}
And now check. You must have values in data table "myTable" if credential are correct.

Thanks
Mahesh
http://helpondesk.blogspot.com/

condition for selecting value from any row of a table

5 solutions

Solution 2

Solution 1

Solution 3

Solution 4

Solution 5

Add your solution here

Preview 0