Login Query from databae

Question

0.00/5 (No votes)

See more:

I have created a registration page with field email and password stored in database.Now i want to log in using email and password field of database.
i applied query for that is::
i have enterd with email-name@gmail.com
and password-name
-----------------------------------------------------------------------------
SqlConnection con = new SqlConnection(str);
con.Open();
SqlCommand cmd = new SqlCommand("select * from Registration where Email='" + loginemail + "' and password='" + loginpassword + "'", con);
SqlDataReader dr = cmd.ExecuteReader();

if (dr.Read())
{
Response.Write("Login Successful");
Response.Redirect("Home.aspx");

}
else
{
Response.Write("Wrong user name and password");
}
------------------------------------------------------------------------------
after running this code always else part is working.while i m entering same email and password which i enterd into registration page.
plzz...tell me wt is problem in this..or tell wright query for this.

Posted 2-Jan-14 20:29pm

Member 10279752

Add a Solution

Comments

Sibasisjena 3-Jan-14 2:40am

First of all reader is not required.

♥…ЯҠ…♥ 3-Jan-14 2:43am

You sure you have data in the table?

Member 10279752 3-Jan-14 3:13am

yes..data present is in table..

♥…ЯҠ…♥ 3-Jan-14 5:11am

Totally weird... How it could be?

4 solutions

Solution 2

Since you are doing web development here, you may take a look at MembershipProvider[^].

As far a current code is concerned, check if you have data in the table. Also, here some other points you might want to consider:

1. Use parameterized queries. Your current code is prone to SQL injection.
2. Do you really need to return all the columns from database? You are not even using it.

Posted 2-Jan-14 20:56pm

dan!sh

Solution 3

First thing first, the way you code your sql queries is inviting SQL Injection. You must always parameterize your sql queries. The reason is here: give-me-parameterized-sql-or-give-me-death[^]. How to do it, check this out: sqlparameter[^]
As to your question, you may want to check the values of 'loginemail' and 'loginpassword' against those in the 'Registration' datatable. You can do this by using the Debug class, read this: Debug and Trace[^]. However, there could be other bugs exist elsewhere. You should be able to find them through debugging.

Posted 2-Jan-14 20:59pm

Peter Leow

Updated 2-Jan-14 21:04pm

v3

Solution 4

Hi,

Why ExecuteReader? Is there any specific reason to do that? It will be helpful if you have multiple select statement.
You could use ExecuteScalar, which returns single value from DB, which suits your requirement, you just want to valid whether record exists or not then
Use the below code

C#

using (SqlConnection con = new SqlConnection(str))
                {
                    con.Open();
                    SqlCommand cmd = new SqlCommand("select COUNT(*) from Registration where Email='" + loginemail + "' and password='" + loginpassword + "'", con);

                     int isUserExist= Convert.ToInt32(cmd.ExecuteScalar());
                        if (isUserExist > 0)
                        {
                            Response.Write("Login Successful");
                            Response.Redirect("Home.aspx");
                        }
                        else
                        {
                            Response.Write("Wrong user name and password");
                        }
                }

Hope this helps you a bit.

Regards,
RK

Posted 2-Jan-14 23:19pm

♥…ЯҠ…♥

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sibasisjena · Accepted Answer · 2014-01-02T20:53:00

Solution 1

From your query it is clear that, there is no row in your reader

If you want to use reader, then use the following code .

C#

using (SqlConnection con = new SqlConnection(str))
                {
                    con.Open();
                    SqlCommand cmd = new SqlCommand("select * from Registration where Email='" + loginemail + "' and password='" + loginpassword + "'", con);

                    using (SqlDataReader dr = cmd.ExecuteReader())
                    {
                        if (dr.HasRows && dr.Read())
                        {
                            Response.Write("Login Successful");
                            Response.Redirect("Home.aspx");

                        }
                        else
                        {
                            Response.Write("Wrong user name and password");
                        }
                    }
                }

Check your reader has row or not
Check whether you have the data in table or not

Posted 2-Jan-14 20:53pm

Sibasisjena

Updated 2-Jan-14 20:58pm

v2

Comments

Member 10279752 3-Jan-14 3:39am

@sibasis05 I tried this but giving same as before. (Else part is Working till nw)

Sibasisjena 3-Jan-14 4:34am

There is no record in your database for the particular loginemail and loginpassword

Member 10279752 3-Jan-14 4:43am

Boss i hv checked it. i have five entries in my db with loginemail and loginpassword emailid is-jainamit.it@gmail.com and password for that entry is-amit
bt wen i login using this it runs only else part..

plzz tell me another query/way for login. Thnxx

Sibasisjena 3-Jan-14 4:48am

Can you show me your table structure in DB. I mean what are the columns you have. I will provide you a query. show me by taking screen shot of the data base

Member 10279752 3-Jan-14 4:53am

These are coloums in database table

[dbo].[Registration](
[Firstname] [nvarchar](max) NOT NULL,
[lastname] [nvarchar](max) NOT NULL,
[phno] [nvarchar](max) NOT NULL,
[email] [nvarchar](max) NOT NULL,
[password] [nvarchar](max) NOT NULL,
[address] [nvarchar](max) NOT NULL,
[city] [nvarchar](max) NOT NULL,
[state] [nvarchar](max) NOT NULL,
[pincode] [nvarchar](max) NOT NULL,
[country] [nvarchar](max) NOT NULL,
[prefferddlvdt] [nvarchar](max) NOT NULL,
[deliveryinstruction] [nvarchar](max) NOT NULL

Sibasisjena 3-Jan-14 5:04am

Use the following line

SqlCommand cmd = new SqlCommand("select Email from Registration where Email='" + loginemail + "' and password='" + loginpassword + "'", con);

Sibasisjena 3-Jan-14 4:54am

Run the following script in your DB and tell me the result.

Select * from Registration where Email='jainamit.it@gmail.com' and password='amit'

Member 10279752 3-Jan-14 5:05am

it shows all the entries for amit which i registered..

Sibasisjena 3-Jan-14 5:10am

ok got your problem. It is returning multiple records. I think the problem is due to multi records. Put a debuger and use while loop.

Sibasisjena 3-Jan-14 5:12am

Use the following code and let me know, it is working or not.

using (SqlConnection con = new SqlConnection(str))
{
con.Open();
SqlCommand cmd = new SqlCommand("select Email from Registration where Email='" + loginemail + "' and password='" + loginpassword + "'", con);

using (SqlDataReader dr = cmd.ExecuteReader())
{
while (dr.HasRows && dr.Read())
{
if (dr.HasRows && dr.Read())
{
Response.Write("Login Successful");
Response.Redirect("Home.aspx");
break;
}
else
{
Response.Write("Wrong user name and password");
}
}

}
}

Member 10279752 3-Jan-14 5:19am

sir ur suggestion is working nw bt i ws making a mistake in query at i ws writing only ""loginemail"" bt it should be loginemail.text and ""loginpassword.text"". Thnxx.

Sibasisjena 3-Jan-14 5:26am

Ok great, You are most welcome :)

Member 10279752 3-Jan-14 5:38am

Very very thnkuu sir ji..!!
can u tell me 1 more thing nw or when u have time..
i want to make a website like this..
""http://www.chennaionlinegrocery.com/grocery/default.asp""
on this website when we select category->chocolate->then mid part where 2 drop down lists and prices are changing. how can i develop it..

How can i create QTy, description,Weight,U/p,L/p, and functionality for these.. if possible tell me plzz..here or on my mail id..plzz..plzzz..

Member 10279752 3-Jan-14 5:39am

Once u visit this website http://www.chennaionlinegrocery.com/grocery/default.asp and help me..

Sibasisjena 3-Jan-14 5:46am

First bind the data in grid. Then after i will help you. Please provide your email here.

Member 10279752 3-Jan-14 5:50am

Email Id:-
deepakpareek.asp@gmail.com