Hi guys,

I have a table in my SQL database, user, with columns (id, name, password).

In my web form I have two textboxes. When I press a button, I try to compare textbox1 with name from user and textbox2 with password; if it is correct, I want to redirect to ok.aspx.

I wrote the following code, but I always receive wrong userpass, and I don't know where the mistake is.
What should I change in order to make it work?
Thanks in advance!

C#
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());

string query;
SqlCommand SqlCommand;
SqlDataReader reader;

SqlDataAdapter adapter = new SqlDataAdapter();
//Open the connection to d
string name1;
string password1;
//read value price
SqlCommand sqlCommand = new SqlCommand("select name,password FROM users", conn);
conn.Open();
using (SqlDataReader read = sqlCommand.ExecuteReader())
{
    while (read.Read())
    {
        name1 = read["name"].ToString(); //current price
        password1 = read["password"].ToString();
        string var1 = Convert.ToString(name1);
        string var2 = Convert.ToString(password1);
        string va3 = Convert.ToString(username.Text);
        string va4 = Convert.ToString(passwordtx.Text);
        bool result = va3.Equals(var1);
        bool result2 = va4.Equals(var2);
        if (result && result2)
        {
            Response.Redirect("ok.aspx");
        }
        else
            Response.Write("wrongpass");
    }

    read.Close();
    conn.Close();
}
Updated 26-Nov-13 22:48pm

Hi,
I have modified your code...

Have a look at this; it might help you.


C#
public void check()
{
    string userName = username.Text.Trim();
    string password = passwordtx.Text.Trim();

    // Pass the textbox values as parameters rather than formatting them into the SQL text,
    // so that input such as a quote character cannot change the query.
    string query = "select name,password FROM users where name = @name and password = @password";

    DataTable dt = new DataTable();
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString()))
    using (SqlCommand sqlCommand = new SqlCommand(query, conn))
    using (SqlDataAdapter adapter = new SqlDataAdapter(sqlCommand))
    {
        sqlCommand.Parameters.AddWithValue("@name", userName);
        sqlCommand.Parameters.AddWithValue("@password", password);
        conn.Open();
        adapter.Fill(dt);
    }

    // Any returned row means the name/password pair exists
    if (dt.Rows.Count > 0)
        Response.Redirect("ok.aspx");
    else
        Response.Write("wrongpass");
}
 
Comments
JasonTsoum77 27-Nov-13 5:04am    
Perfect, it works!!!
Thanks, my friend, for your help!!!
Karthik_Mahalingam 27-Nov-13 5:04am    
Welcome, Jason :)
Try this also,
C#
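bool found;
using (SqlDataReader read = sqlCommand.ExecuteReader())
{
    // Double any single quotes so the textbox values stay inside the quoted filter literals
    string va3 = Convert.ToString(username.Text).Replace("'", "''");
    string va4 = Convert.ToString(passwordtx.Text).Replace("'", "''");
    DataTable dt = new DataTable();
    dt.Load(read);
    // String values in a DataTable filter expression must be enclosed in single quotes
    DataRow[] result = dt.Select("name = '" + va3 + "' AND password = '" + va4 + "'");
    found = result.Length > 0;
}
conn.Close();

// Redirect only after the reader and connection have been released
if (found)
{
    Response.Redirect("ok.aspx");
}
else
{
    Response.Write("wrongpass");
}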

Hope it helps you.
Thanks.
 
Comments
JasonTsoum77 27-Nov-13 5:23am    
Thanks for your response and your help, my friend; your solution also works!!!
C#
bool result = va3.Equals(var1);
bool result2 = va4.Equals(var2);
if (result && result2)
{
    Response.Redirect("ok.aspx");
}
else
    Response.Write("wrongpass");

Try to understand what you have done here.
You are using
while (read.Read())

It will check your condition against each of the records.
But on the first record it will redirect the page according to your if/else condition, out of the whole list of records.

That's why your condition is going to fail...
Otherwise, Karthik's solution is good, as it checks your condition at query time.

Alternatively, if we modify your code, it may look like this:

C#
bool IsMatch = false;
while (read.Read())
{
    name1 = read["name"].ToString(); //current price
    password1 = read["password"].ToString();
    string var1 = Convert.ToString(name1);
    string var2 = Convert.ToString(password1);
    string va3 = Convert.ToString(username.Text);
    string va4 = Convert.ToString(passwordtx.Text);
    bool result = va3.Equals(var1);
    bool result2 = va4.Equals(var2);
    if (result && result2)
    {
        IsMatch = true;
        break;
    }
}
read.Close();
conn.Close();
//Keeping outside of your while loop
if (IsMatch)
{
    Response.Redirect("ok.aspx");
}
else
    Response.Write("wrongpass");
 
Comments
JasonTsoum77 27-Nov-13 5:26am    
Thanks for your help. The problem was in the trims: from the textbox I receive a string without a trim,
but from my SQL table I receive a string with spaces, for some reason that I don't know.

Thanks for your help again!!!!
Use this code
C#
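SqlCommand cmd = new SqlCommand("select * FROM users where name=@n and password=@p", conn);
cmd.Parameters.AddWithValue("@n", textbox1.Text);
cmd.Parameters.AddWithValue("@p", textbox2.Text);
bool found;
// Read() returns true only if at least one row matched both parameters
using (SqlDataReader dr = cmd.ExecuteReader())
{
    found = dr.Read();
}
// The reader is already closed here, before the redirect ends the request
if (found)
{
    Response.Redirect("ok.aspx");
}
else
{
    Response.Write("wrongpass");
}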


Side note: Never store passwords in plain text or encrypted form. Use a cryptographic hash function instead.
 
 
Comments
JasonTsoum77 27-Nov-13 5:24am    
Thanks for your help; I will modify my code as you showed me.
Thanks7872 27-Nov-13 5:34am    
That's better. It's the simplest one.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


