Click here to Skip to main content
14,735,594 members
Please Sign up or sign in to vote.
4.00/5 (3 votes)
See more:
Hi gys,

I have a table in my sql database user with columns (id,name,password)

in my web form i have two textboxes where when i press a button i try to compare the textbox1 with name from user and textbox2 with password if it is correct i want to redirect to ok.aspx

i write the following code but always i receive wrong userpass i don't know where is the wrong??
what i should change in order to make it work?
thn in advance!

SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());

        string query;
        SqlCommand SqlCommand;
        SqlDataReader reader;

        SqlDataAdapter adapter = new SqlDataAdapter();
        //Open the connection to d
        string name1;
        string password1;
        //read value price
        SqlCommand sqlCommand = new SqlCommand("select name,password FROM users", conn);
        conn.Open();
        using (SqlDataReader read = sqlCommand.ExecuteReader())
        {
            while (read.Read())
            {
                 name1 = read["name"].ToString(); //current price
                password1 = read["password"].ToString();
                string var1 = Convert.ToString(name1);
                string var2 = Convert.ToString(password1);
                string va3 = Convert.ToString(username.Text);
                string va4 = Convert.ToString(passwordtx.Text);
                bool result = va3.Equals(var1);
                bool result2 = va4.Equals(var2);
                if (result && result2)
                {
                    Response.Redirect("ok.aspx");
                }
                else
                    Response.Write("wrongpass");
            }
     
            read.Close();
            conn.Close();
        }
Posted
Updated 26-Nov-13 23:48pm
v2

Hi
i have modified your code...

have a look on this, It might help you..


public void check ()
       {
           SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());
                       SqlCommand SqlCommand;

           string userName = username.Text.Trim();
           string password = passwordtx.Text.Trim();
           string query = string.Format("select name,password FROM users where name ='{0}' and password ='{1}'" , username, password);

           DataTable dt = new DataTable();
           SqlCommand sqlCommand = new SqlCommand(query , conn);
           SqlDataAdapter adapter = new SqlDataAdapter(sqlCommand);
           conn.Open();
           adapter.Fill(dt);
          conn.Close();


           if (dt != null && dt.Rows.Count > 0)
               Response.Redirect("ok.aspx");
           else
               Response.Write("wrongpass");


           }
   
v2
Comments
JasonTsoum77 27-Nov-13 5:04am
   
Perfect it works!!!
thnx my friend for your help!!!
Karthik_Mahalingam 27-Nov-13 5:04am
   
welcome jason :)
Try this also,
using (SqlDataReader read = sqlCommand.ExecuteReader())
{
    string va3 = Convert.ToString(username.Text);
    string va4 = Convert.ToString(passwordtx.Text);
    DataTable dt = new DataTable();
    dt.Load(read);
    DataRow[] result = dt.Select("name = " + va3 + " AND password = " + va4);
    if(result.Count() > 0)
    {
        Response.Redirect("ok.aspx");
    } 
    else
    {
        Response.Write("wrongpass");
    }
    read.Close();
    conn.Close();
}

Hope it helps you.
Thanks.
   
v2
Comments
JasonTsoum77 27-Nov-13 5:23am
   
Thnx for your response and your help my friend, your solution is also
works!!!
bool result = va3.Equals(var1);
             bool result2 = va4.Equals(var2);
             if (result && result2)
             {
                 Response.Redirect("ok.aspx");
             }
             else
                 Response.Write("wrongpass");

Try to understand what you have done here
You are using
while (read.Read())

it will check your condition with each of records.
But on First Case it will Redirect a page with your if/else condition out of List of Records.

That's why your condition is going to fail....
Rather wise Kartik Solution is good to check your condition on query time.

Else If We will modify your code it will may be like this

bool IsMatch=false;
while (read.Read())
            {
                 name1 = read["name"].ToString(); //current price
                password1 = read["password"].ToString();
                string var1 = Convert.ToString(name1);
                string var2 = Convert.ToString(password1);
                string va3 = Convert.ToString(username.Text);
                string va4 = Convert.ToString(passwordtx.Text);
                bool result = va3.Equals(var1);
                bool result2 = va4.Equals(var2);
              if (result && result2)
{IsMatch=true;break;}
            }
            read.Close();
            conn.Close();
//Keeping outside of your while loop
if (IsMatch)
                {
                    Response.Redirect("ok.aspx");
                }
                else
                    Response.Write("wrongpass");
   
v2
Comments
JasonTsoum77 27-Nov-13 5:26am
   
thnx for your help the problem was in (trims) from textbox i receinve a string without a trim
but from my sql table i receive a string with spaces for some reason that i don't know.

Thnx for your help again!!!!
Use this code
SqlCommand cmd= new SqlCommand("select * FROM users where name=@n and password=@p", conn);
cmd.Parameters.AddWithValue("@n",textbox1.Text);
cmd.Parameters.AddWithValue("@p",textbox2.Text);
SqlDataReader dr= cmd.ExecuteReader();
if(dr.read())
{           
    Response.Redirect("ok.aspx");
}
else
{
  Response.Write("wrongpass");
}
dr.Close();


Side note: Never store password in plain text or encrypted form. Use Cryptographic hash function instead.
   
Comments
JasonTsoum77 27-Nov-13 5:24am
   
thnx for your help i will modify my code as you show me
Thanks7872 27-Nov-13 5:34am
   
That's better. Its the simplest one.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900