Click here to Skip to main content
14,866,397 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
public bool IsCorrectUser(string userId, string password)
{
bool result = false;

con.Open();

SqlCommand cmd = new SqlCommand();

cmd.Connection = con;
cmd.CommandText = "Select * From Users" + "Where UserID = @UserID And Password = @Password";
cmd.CommandType = CommandType.Text;

cmd.Parameters.AddWithValue("@UserID", userId);
cmd.Parameters.AddWithValue("@Password", password);

SqlDataReader dr = cmd.ExecuteReader();

if (dr.Read())
{
result = true;
}

dr.Close();
con.Close();

return result;
}

What I have tried:

I don't know what is wrong.........
Posted
Updated 25-Mar-21 18:59pm
Comments
Richard Deeming 26-Mar-21 5:42am
   
You're storing your users' passwords in plain text. Don't do that.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

1 solution

Space is missing in the query:
C#
cmd.CommandText = "Select * From Users" + "Where UserID = @UserID And Password = @Password";

If you DEBUG, you can see the commandText is:
SQL
Select * From UsersWhere UserID = @UserID And Password = @Password


Add space between Users & Where words.

Debugging is part of your learning. When you move step by step, you will be able to find such mistakes easily.
   
Comments
LeeHyungJin1995 26-Mar-21 1:15am
   
Wow............
You're genius??
I'm fool..........Thank U!! ㅠ_ㅠ

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900