I am making a login form and it is attached to a database. When I retrieve data it shows this sort of error:



Line 23: string query = "select count(*) from userlogin where username ='" + txtBox1.Text + "'and pass '" + txtBox2.Text + "'";
Line 24: SqlCommand cmd = new SqlCommand(query, con);
Line 25: string output = cmd.ExecuteScalar().ToString();
Line 26: if (output == "1")
Line 27: {

Source File: c:\Users\Atta\Documents\Visual Studio 2012\WebSites\WebSite3\Default2.aspx.cs Line: 25

Stack Trace:

The error is showing on line number 25, while I am using this type of code behind the login form:

What I have tried:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;


public partial class Default2 : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connect"].ToString());
        con.Open();
        string query = "select count(*) from userlogin where username ='" + txtBox1.Text + "'and pass '" + txtBox2.Text + "'";
        SqlCommand cmd = new SqlCommand(query, con);
        string output = cmd.ExecuteScalar().ToString();
        if (output == "1")
        {
            Session["user"] = txtBox1.Text;
            Response.Redirect("Login Successful");
        }
        else
        {
            Response.Write("Login Faild");
        }
    }
}
Updated 9-Jul-17 23:41pm
Comments
F-ES Sitecore 10-Jul-17 5:30am    
And the error is?

BTW you should google how to use parameterised queries as your code is vulnerable to SQL injection attacks and also issues where people have apostrophes in their usernames or passwords.
StM0n 10-Jul-17 5:30am    
Which error... there're some that could occur.

Sorry to ask, but are you aware of the circumstance that your login functionality is open to SQL injection?!
Richard Deeming 10-Jul-17 8:39am    

Without looking much into your code and details, I could say the error is because of the missing equals operator in the SQL query.

Replace line no. 23 with the following and see if that helps:
C#
string query = "select count(*) from userlogin where username ='" + txtBox1.Text + "'and pass ='" + txtBox2.Text + "'";

But wait, that's not all.
Your code is vulnerable to SQL Injection.
With a little more effort, you can prevent SQL injection via a stored procedure or a parameterised query. Please follow the reference below for further guidance:
How To: Protect From SQL Injection in ASP.NET

Hope, it helps :)

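The parameterised query that the comments and the answer recommend, written out for the question's `userlogin` lookup. This is an added example, not code posted by anyone in the thread; the `LoginQueries` class, the `CredentialsMatch` method and the `NVARCHAR(50)` parameter sizes are assumptions to adapt to the real schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginQueries
{
    // Hypothetical helper (not from the thread). Table and column names
    // (userlogin, username, pass) are taken from the question; the
    // NVARCHAR(50) sizes are assumed and should match the real columns.
    public static bool CredentialsMatch(string connectionString,
                                        string username, string password)
    {
        // The SQL text is a constant: user input never becomes part of it.
        const string sql =
            "SELECT COUNT(*) FROM userlogin " +
            "WHERE username = @username AND pass = @pass";

        // using blocks dispose the connection and command even if the query throws.
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Values are sent separately from the statement, so an apostrophe
            // (O'Brien) or SQL keywords in either field are compared as data.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value =
                username ?? string.Empty;
            cmd.Parameters.Add("@pass", SqlDbType.NVarChar, 50).Value =
                password ?? string.Empty;

            con.Open();
            // COUNT(*) is returned as a boxed int; compare it numerically.
            return Convert.ToInt32(cmd.ExecuteScalar()) == 1;
        }
    }
}

// Call site inside Button1_Click (control names as in the question):
//   string cs = ConfigurationManager.ConnectionStrings["connect"].ConnectionString;
//   if (LoginQueries.CredentialsMatch(cs, txtBox1.Text, txtBox2.Text)) { ... }
```

The comparison of the submitted password against the `pass` column is kept as in the question; only the way the query is built changes.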
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)