Click here to Skip to main content
15,904,346 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I have designed a login page in C# ASP .Net.I am using Oledbcommand to check the login credential.

Following is the code:-

try
C#
{
                string connect = "Provider=Microsoft.Jet.OleDb.4.0; Data Source=C:/Users/jahart/Documents/Visual Studio 2010/Projects/ScindiaEvents/ScindiaEvents/Account/Events.mdb;";
                string query = "Select Count(*) From Students Where User ID = ? And Psswrd = ?";
                int result = 0;
                using (OleDbConnection conn = new OleDbConnection(connect))
                {
                    using (OleDbCommand cmd = new OleDbCommand(query, conn))
                    {
                        cmd.Parameters.AddWithValue("User ID", "TextBox1.Text");
                        cmd.Parameters.AddWithValue("Psswrd", "TextBox2.Text");
                        conn.Open();
                        Session["User"] = TextBox1.Text;
                        result = (int)cmd.ExecuteScalar();
                    }
                }
                if (result > 0)
                {
                    Response.Redirect("Default.aspx");
                }
                else
                {
                    lblMessage.Text = "Invalid credentials";
                }

            }
            catch (Exception ex)
            {
                lblMessage.Text = ex.ToString();
            }
        }

When I Click on Login button I get an exception i.e. [System.Data.OleDb.OleDbException (0x80040E14): Syntax error (missing operator) in query expression 'User ID = ? And Psswrd = ?'. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr) at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at System.Data.OleDb.OleDbCommand.ExecuteScalar() at ScindiaEvents.Account.Login.Button1_Click(Object sender, EventArgs e) in C:\Users\jahart\Documents\Visual Studio 2010\Projects\ScindiaEvents\ScindiaEvents\Account\Login.aspx.cs:line 47]

Can somebody pls help me on this part.

Thanx in advance.
Posted
Updated 28-Oct-11 0:20am
v2

1 solution

Try surrounding User ID in '[' and ']' - at the moment the space in the middle of the name will cause the SQL parser to assume the column is called User and that ID is an operator such as AND or OR
 
Share this answer
 
Comments
jahart 29-Oct-11 4:28am    
Thanks for response. I changed the column name from User ID to usrnm. And now its working fine. Thanks a lot
OriginalGriff 29-Oct-11 4:50am    
You're welcome!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900