Click here to Skip to main content
14,866,397 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
public bool IsCorrectUser(string userId, string password)
bool result = false;


SqlCommand cmd = new SqlCommand();

cmd.Connection = con;
cmd.CommandText = "Select * From Users" + "Where UserID = @UserID And Password = @Password";
cmd.CommandType = CommandType.Text;

cmd.Parameters.AddWithValue("@UserID", userId);
cmd.Parameters.AddWithValue("@Password", password);

SqlDataReader dr = cmd.ExecuteReader();

if (dr.Read())
result = true;


return result;

What I have tried:

I don't know what is wrong.........
Updated 25-Mar-21 18:59pm
Richard Deeming 26-Mar-21 5:42am
You're storing your users' passwords in plain text. Don't do that.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

1 solution

Space is missing in the query:
cmd.CommandText = "Select * From Users" + "Where UserID = @UserID And Password = @Password";

If you DEBUG, you can see the commandText is:
Select * From UsersWhere UserID = @UserID And Password = @Password

Add space between Users & Where words.

Debugging is part of your learning. When you move step by step, you will be able to find such mistakes easily.
LeeHyungJin1995 26-Mar-21 1:15am
You're genius??
I'm fool..........Thank U!! ㅠ_ㅠ

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900