cant get sql to detect admin

Question

0.00/5 (No votes)

See more:

Im having trouble getting my program to detect admin users. I have created a login system, but when an admin logs in, it skips past the sql query and moves on to open a user screen, not an admin. Here is my code:

C#

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;
using System.Data.SqlTypes;

namespace myLoginProject
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            SqlConnection connection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
            connection.Open();
            string selection = "select * from Logins where Name = '" + userNameBox.Text + "' and Password = '" + passwordBox.Text + "' ";
            SqlCommand command = new SqlCommand(selection, connection);
            SqlDataAdapter da = new SqlDataAdapter(command);
            DataSet ds = new DataSet();
            da.Fill(ds);
            DataTable dt = ds.Tables[0];
        }

        private void registerButton_Click(object sender, EventArgs e)
        {
            adminAuthScreen aas = new adminAuthScreen();
            aas.Show();
        }
        private int myMethod(string user, string pass)
        {
            user.Trim();
            pass.Trim();
            SqlConnection connection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
            connection.Open();
            string selection = "select * from Logins where Name = '"+user+"' and Password = '"+pass+"' ";
            SqlCommand command = new SqlCommand(selection, connection);
            if (command.ExecuteScalar() != null)
                return 1;
            else
                return 0;
                
        }

        private void loginButton_Click(object sender, EventArgs e)
        {
            if (myMethod(userNameBox.Text,passwordBox.Text)>0)
            {
                MessageBox.Show("Welcome back, "+userNameBox.Text);
                SqlConnection myConnection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
                try
                {
                    myConnection.Open();
                }
                catch (Exception ex)
                {
                    MessageBox.Show(ex.ToString());
                }
               string checkAdmin1 = "SELECT * FROM Logins WHERE User = '"+userNameBox.Text+"' AND User='Admin'";
            SqlCommand checkIfAdmin = new SqlCommand(checkAdmin1, myConnection);
            if (checkIfAdmin.ExecuteScalar() != null)
            {
               adminScreen admnscrn = new adminScreen();
                admnscrn.Show();
            }
            else
            {
                userScreen usrscrn = new userScreen();
                usrscrn.Show();
            }
            }
        }


        public SqlConnection connection { get; set; }
    }
    }

It seems like this bit is the problem (at least its the problem during debugging):

C#

string checkAdmin1 = "SELECT * FROM Logins WHERE User = '"+userNameBox.Text+"' AND User='Admin'";
            SqlCommand checkIfAdmin = new SqlCommand(checkAdmin1, myConnection);
            if (checkIfAdmin.ExecuteScalar() != null)
            {
               adminScreen admnscrn = new adminScreen();
                admnscrn.Show();
            }
            else
            {
                userScreen usrscrn = new userScreen();
                usrscrn.Show();
            }
            }
        }

Can anyone help me find out what the problem is???

Posted 3-Oct-13 15:07pm

brucey_D

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Ron Beyer · Answer 1 · 2013-10-03T15:12:00

Solution 1

Maybe it should be this?

SQL

SELECT * FROM Logins WHERE Name = '"+userNameBox.Text+"' AND User='Admin';

You are checking if the User = Admin and User = Admin... But when they log in you check the Name column for the user name from the userNameBox field. I'm guessing you just aren't checking the right field in the SQL.

Posted 3-Oct-13 15:12pm

Ron Beyer

Comments

brucey_D 3-Oct-13 21:23pm

I thought that was it! Sadly not :( It's a head scratcher for me, but then again im a beginner lol

brucey_D · Answer 2 · 2013-10-03T17:30:00

Solution 2

IVE GOT IT! The column user, when in design mode, was surrounded by []! I changed it to UserType and it works, SUCCESS! I dont understand why it had [] around it though...

Posted 3-Oct-13 17:30pm

brucey_D

Comments

Ron Beyer 3-Oct-13 23:40pm

Did you originally have it working with an OLEDb (like access)? It could also be because the designer thought it was a reserved keyword which when used in a column name must be surrounded by [ and ].