Problem in updating password in SQL db via code in C#.net?

Question

4.00/5 (1 vote)

See more:

Hello,guys

I was just playing around c#.net as a new student,i did wanted to make billing system and initially i tried with updating/changing password of the username,scene is when user logins ,entering his/her username password,then there is a option to change the password via settings like in general yahoo,hotmail change password system.i hab sql db and it is connected but when i try to change the password it doesnt shows error,message says "it has been change" but when i check db password remains same, it doesnt change,like when i try to change the password of username:login whose present password is login1 to login2 ,it doesnt change.

The other fields in the form are username,password ,new password,confirm password,and the coe shown below is the update button click event.

Here is the coding I have done. Help me i couldnt trace the mistake/error.

C#

namespace Restaurant_Billing 
{
    public partial class changepassword : Form
    {
        public changepassword()
        {
            InitializeComponent();
        }
        SqlConnection cn = new SqlConnection();
        SqlCommand cm = new SqlCommand();
        

        private void button2_Click(object sender, EventArgs e)
        {
               Close();
                     
        }


        private void button1_Click(object sender, EventArgs e) //updating the new [
        {
            txtusername.Text = globalclass.m_globalvar;
            txtpasscurrent.Text = globalclass.m_globalvar;

            string username = txtusername.Text;
            string password = txtpasscurrent.Text;
            string newpassword = textpassnew.Text;
            string confirmnewpassword = textpassconfirm.Text;
            if (textpassnew.Text == textpassconfirm.Text)
            {
                cm = new SqlCommand("update tbluser set Pw = '" + textpassnew.Text + "' where U_name = '" + txtusername.Text + "'");
                cm.Connection = cn;
                cm.ExecuteNonQuery();
                MessageBox.Show("password has been changed");
            }
            else
            {
                MessageBox.Show("some errors!! dawg correct it!!");
                txtpasscurrent.Focus();
            }
        }

            private void changepassword_Load(object sender, EventArgs e)
        {
            this.txtusername.Text = globalclass.m_globalvar;
            cn = new SqlConnection(@"server=UMESHINATOR-PC\SQLEXPRESS;integrated security=true;database=nec");
            cn.Open();
        }
    }
}

Posted 12-Aug-12 8:20am

meshinator

Updated 12-Aug-12 8:27am

Kenneth Haugland

v2

Add a Solution

Comments

Rock (Multithreaded) 12-Aug-12 15:14pm

One important thing is,
int returned=cm.ExecuteNonQuery();
if(returned==1)
{
MessageBox.Show("password has been changed");
}
else
{
MessageBox.Show("Nothing has been changed");
}

Rock (Multithreaded) 12-Aug-12 15:29pm

Your query was wrong!
Now New Query is:
cm = new SqlCommand("update tbluser set Pw = 'NewPassword' where Pw = 'OldPassword' And U_name= 'UserName';

StianSandberg 12-Aug-12 17:05pm

Your code is vulnerable for sql-injectons. You should use sql parameters. I wrote an article about this a few weeks ago: read it here

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Rock (Multithreaded) · Answer 1 · 2012-08-12T09:27:00

Solution 2

Your query was wrong!
Now New Query is:
cm = new SqlCommand("update tbluser set Pw='"+newpassword+"' where Pw='"+password+"' And U_name='"+username+"'");

Posted 12-Aug-12 9:27am

Rock (Multithreaded)

Updated 12-Aug-12 9:43am

v2

ridoy · Answer 2 · 2012-08-12T10:51:00

Solution 3

What is the primary key of your database?Is it U_name?Because you search your database here by U_name in your update statement.Then if you type such an U_name in txtusername that it isn't present in your database then you will find no update in your database.You can ignore it by making a candidate key(username+newpassword) or make sure every value of U_name of your database is unique and as same as the text of txtusername.

Posted 12-Aug-12 10:51am

ridoy

Comments

Rock (Multithreaded) 12-Aug-12 21:50pm

He wants to update only password on same user.

meshinator 14-Aug-12 7:05am

Thanks everyone for ur kind and valuable suggestions ..ill try,what u guys hab suggested and since im a new programming insect..if i get any problems again ill get back to bite you guys..hope no worries. :)