I use this code to log in, but I don't know what I should put in ?????. I want: if it is admin, open form1; if user, open form2.

What I have tried:

C#
SqlDataAdapter sda = new SqlDataAdapter("select count(*)  from tbladmin where username='" + txtusername.Text.Trim() + "' and password='" + txtpassword.Text.Trim() + "'", sqlcon);
            DataTable dtbl = new DataTable();
            sda.Fill(dtbl);



            if (dtbl.Rows[0][0].ToString() == "1")
            {
                SqlDataAdapter sda5 = new SqlDataAdapter("select role from tbladmin where username='" + txtusername.Text.Trim() + "' and password='" + txtpassword.Text.Trim() + "'", sqlcon);
                DataTable ds5 = new DataTable();
                sda5.Fill(ds5);
                String value5 = ds5.Rows[0][0].ToString();
                Debug.WriteLine("value is :   " + value5);
                if (????????? = 'admin')
                { 
Posted
Updated 18-Feb-19 22:22pm
Comments
Richard MacCutchan 19-Feb-19 3:50am    
You have two giant security holes in your code:
1. Storing your passwords in clear text.
2. Using string concatenation to create your SQL commands.

1 solution

You don't need SqlDataAdapter and DataTable to get a value; you can use the more lightweight SqlDataReader. See the example here: Retrieving Data Using a DataReader | Microsoft Docs
string value5 = reader.GetString(0);
Also use parameterized queries, especially in security-sensitive queries like this one!
See: c# - How to use sql parameters for a select query? - Stack Overflow

If a value is found in tbladmin, it means that an admin was found; other users can be found in tbluser.
 
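The parameterized query and SqlDataReader suggested in this answer, combined with a salted password hash in place of the clear-text password flagged in the comment, as an added example that is not part of the original thread. The `LoginCheck` class, the `password_salt` and `password_hash` columns, the parameter size, the iteration count and the `Form1`/`Form2` class names are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class LoginCheck   // hypothetical helper, not from the original post
{
    // Returns the stored role ("admin", "user", ...) for valid credentials, else null.
    // Assumed schema: tbladmin(username, role,
    //                          password_salt VARBINARY(16), password_hash VARBINARY(32)).
    public static string GetRole(SqlConnection sqlcon, string username, string password)
    {
        const string sql =
            "SELECT role, password_salt, password_hash FROM tbladmin WHERE username = @username";
        if (sqlcon.State != ConnectionState.Open) sqlcon.Open();
        using (var cmd = new SqlCommand(sql, sqlcon))
        {
            // The value is sent as a typed parameter and never spliced into the SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return null;              // unknown user
                string role = reader.GetString(0);
                byte[] salt = (byte[])reader[1];
                byte[] stored = (byte[])reader[2];
                return FixedTimeEquals(stored, HashPassword(password, salt)) ? role : null;
            }
        }
    }

    // PBKDF2-HMAC-SHA256; 100000 iterations is an example value, not a recommendation.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Compares every byte so the result does not depend on where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

// In the login handler (Form1/Form2 are assumed class names):
// string role = LoginCheck.GetRole(sqlcon, txtusername.Text.Trim(), txtpassword.Text);
// if (role == "admin") new Form1().Show(); else if (role != null) new Form2().Show();
```

A single query returns the role, so the separate `count(*)` round trip is no longer needed, and the role comparison uses `==` with a double-quoted string.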

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


