Click here to Skip to main content
15,880,299 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
i have developed a login system where we can input our username and password. then it will checks with database an user name and password is correct it will throw a message saying thank you.

for that i have used service based database with dataset, which is inbuilt database.

result of this code is nothing. but it will execute without errors?

C#
private void Btn1_Click(object sender, EventArgs e)
        {

            SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);

            try {
                cn.Open();
                using (SqlCommand command = new SqlCommand("SELECT * FROM Login", cn))
                {
                    //
                    // Invoke ExecuteReader method.
                    //
                    SqlDataReader reader = command.ExecuteReader();
                    while (reader.Read())
                    {
                        string name = reader.GetString(1);  // Name string
                        string pass = reader.GetString(2); // Password string
                        //
                        // generates a thank you message
                        //
                        MessageBox.Show("Thank you");
                    }
                }
            }
            catch (Exception ex) { }
            finally { }
        }
Posted
Updated 30-Nov-14 17:58pm
v2

First of all, you should try to find the correct row from Login table, not to get all rows and loop through them. This would mean something like
SQL
SELECT * 
FROM Login
WHERE UserName = @username
AND HashedPassword = @hashedpassword

Before executing the statement, set proper values to the bind variables using SqlParameter[^]

About the password. Don't store the password as plain text or even encrypted, use one way hashing. A good read about the subject is Password Storage: How to do it.[^]
 
Share this answer
 
You should just check the existence of the record that matches the username and password, never retrieve it. Better use a store procedure to do the sql operation.
Check this out: Login Form in Windows Application Using ASP.Net C#[^]
Read more on Salted Password Hashing - Doing it Right[^]
 
Share this answer
 
v2
Comments
Wendelius 1-Dec-14 0:22am    
In my opinion you should never store the password so that it can deciphered. Better to use hashing.
Peter Leow 1-Dec-14 0:25am    
Exactly, that why I have advised him to read more...
Wendelius 1-Dec-14 0:27am    
I see that you added some info to the solution. Looks much better :)
Peter Leow 1-Dec-14 0:30am    
Look that OP is quite fresh, so need to go bit by bit slowly.
Hi ,
Check this
C#
private void Btn1_Click(object sender, EventArgs e)
    {

        SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);

        try
        {
            cn.Open();
            using (SqlCommand command = new SqlCommand("SELECT * FROM Login where username =@username and password = @password", cn))
            {
                //
                // Invoke ExecuteReader method.
                //
                command.Parameters.AddWithValue("@username", txtbox1.Text);
                command.Parameters.AddWithValue("@password", txtbox2.Text);
                SqlDataReader reader = command.ExecuteReader();
                if (reader.HasRows)
                {
                    // IF it has Rows so your Good to go and show your message 
                    MessageBox.Show("Thank you");
                    /*
                    while (reader.Read())
                    {
                        string name = reader.GetString(1);  // Name string
                        string pass = reader.GetString(2); // Password string
                        //
                        // generates a thank you message
                        //
                        MessageBox.Show("Thank you");
                    } 
                     * */
                }
            }
        }
        catch (Exception ex) { }
        finally { }
    }
 
Share this answer
 
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900