Click here to Skip to main content
13,147,591 members (31,806 online)
Rate this:
Please Sign up or sign in to vote.
sqlcommand sqlparameter in cast type
i am trying to pass username and paasword throgh sqlparameter But query not executed

    string strSQL = @"SELECT User_ID, Enabled 
        	          FROM User_Reg 
        	          WHERE Username = @paramUsername 
        	          AND CAST(Password AS varbinary(30)) = CAST( @paramPassword  AS varbinary(30))";
        		objSqlCommand = new SqlCommand(strSQL, objSqlDbComm.SqlConnectionObject);
        		objSqlCommand.Parameters.AddWithValue("@paramUsername", txtUsername.Text);
        		objSqlCommand.Parameters.AddWithValue("@paramPassword", txtPassword.Text);
DataTable objDataTable = objSqlDbComm.ExecuteDataset(objSqlCommand).Tables[0];

sqlcommand sqlparameter in cast type
i am trying to pass username and paasword throgh sqlparameter But query executed with
objDataTable.Rows.Count GETTING 0
Posted 18-Apr-13 23:56pm
Updated 19-Apr-13 0:07am
Maciej Los 19-Apr-13 6:05am
Does above code is complete?
"Not executed" - is not informative at all ;(
Please, be more specific and provide more details.
NikhildPawar 19-Apr-13 6:08am
I have updated quetion
objDataTable.Rows.Count GETTING 0

1 solution

Rate this: bad
Please Sign up or sign in to vote.

Solution 1

The most obvious reason the "query not executed" is that you don't show the actual call to ExecuteReader, or DataAdapter.Fill - I will assume that you have one or the other in there though.

Why are you casting password? Why are you storing them as text? Even using parameterized queries, that is not a good idea for security reasons. See here: Password Storage: How to do it.[^]

Once you have converted your passwords to a secure form, do a simpler query that returns the user_id and the password given only the username - then verify the password in the code behind instead of as part of the query. That way, the password you expect to be valid never leaves teh server, and you have much better control over what goes on.
Maciej Los 19-Apr-13 6:21am
Short and to the point!
NikhildPawar 24-Apr-13 3:09am
OriginalGriff 24-Apr-13 3:27am
Sorry? Single word comments aren't that helpful. "answer" has many meanings, please try to elaborate a little! :laugh:
NikhildPawar 24-Apr-13 3:38am
Sorry But Why query executed with
objDataTable.Rows.Count GETTING 0
please elaborate not cleared
OriginalGriff 24-Apr-13 9:31am
Probably because they are compared as varbinary. So if there is any difference in the value you stored compared to the value of the string as cast to a varbinary (and that may well include unassigned values) it will fail. So if your store routine saves the string as "abc" followed by 27 spaces, and the cast converts it to "abc" followed by 27 nulls they will not match.
It's also possible that one is cast from Unicode, and the other isn't, or similar problems.

Without looking at you DB data in some detail I can't be specific.

Just don't do it! :laugh:

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy |
Web03 | 2.8.170915.1 | Last Updated 19 Apr 2013
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100