There was an error parsing the query. [ Token line number = 1,Token line offset = 27,Token in error = user ]

Question

3.00/5 (1 vote)

See more:

C#

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlServerCe;
namespace khtwa
{
    public partial class Form1 : Form
    {
        
        
        public Form1()
        {
            InitializeComponent();
        }
        string msg;

        
       
        SqlCeCommand cmd;
        DataSet ds = new DataSet();
        private void textBox1_TextChanged(object sender, EventArgs e)
        {

        }

        private void button1_Click(object sender, EventArgs e)
        {
            textBox1.Text = "";
                textBox2.Text="";

                this.Close();
        }

        private void button2_Click(object sender, EventArgs e)
        {
            string y = (Application.StartupPath + "\\font.sdf");
             SqlCeConnection con = new SqlCeConnection(@"Data Source=" + y);
             con.Open();
                if (textBox1.Text == "" || textBox2.Text == "")
                {
                    MessageBox.Show(" Enter UserName and Password .");
                    return;
                }

                cmd = new SqlCeCommand("SELECT * FROM login where user='" + textBox1.Text + "' and password='" + textBox2.Text + "'", con);
                SqlCeDataAdapter da = new SqlCeDataAdapter(cmd);
               
                da.Fill(ds);
                int i = ds.Tables[0].Rows.Count;
                if (i == 1)
                {
                    msg = "Welcome " + textBox1.Text;
                    this.Hide();
                    Form2 f2 = new Form2();
                    f2.Show();
                    ds.Clear();

                }
                else
                {
                    MessageBox.Show("Not Registered User or Invalid Name/Password");
                    textBox2.Text = "";
                }
            }
           


        }
    }

Posted 9-Apr-14 12:42pm

Mohamed Ragheb

Updated 9-Apr-14 13:54pm

CHill60

v2

Add a Solution

Comments

CHill60 9-Apr-14 19:56pm

Try to not type your question into the title of your post ... use the Improve Question link to add the full error message that you received and put a more meaningful title in. Also indicate which line gives you the error

[no name] 9-Apr-14 20:10pm

Try [user]. Don't use string concatenation to construct queries. Don't store passwords in plain text.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Raul Iloc · Accepted Answer · 2014-04-09T19:52:00

1.Test your SQL into the SQL server first and maybe you put a wrong name for a field, or for table name (could be logins and not login !?), by using the same test data as in your application. So you should test the next SQL:
SELECT * FROM login where user= 'xxx' and password = 'yyyy'

2.After you will identify and correct the errors in your test above, you will can make corrections in your C# code;

3.You should not sent concatenate the user inputs directly into your SQL command text, because this could lead to SQL injection attacks; you should use SQL parameters (@user and @password).