Error : "Incorrect Username or Password.

Question

1.00/5 (3 votes)

See more:

I getting the error "Incorrect Username or Password" for all input.

VB

Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        Try

       
        Dim con As New SqlConnection("Data Source=192.168.10.3;Initial Catalog=IT_INV;user id=sa;password=1")
        con.Open()
        Dim dt As New DataTable("user")
        Dim rs As New SqlCommand("SELECT * FROM [user] WHERE username='" & TextBox1.Text & "' AND passw='" & TextBox2.Text & "'", con)

            Dim usernameParam As New SqlParameter("username", Me.TextBox1.Text)
            Dim passwordParam As New SqlParameter("passw", Me.TextBox2.Text)

            rs.Parameters.Add(usernameParam)
            rs.Parameters.Add(passwordParam)

            Dim sqlRead As SqlDataReader = rs.ExecuteReader
            If sqlRead.HasRows Then
                If sqlRead.Read = True Then


                    If sqlRead("usertype") = "admin" Then
                        MsgBox("admin")
                    ElseIf sqlRead("usertype") = "user" Then
                        MsgBox("user")

                    Else
                        MessageBox.Show("Incorrect Username or Password.", "Login Failed", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)

                        TextBox1.Text = ""
                        TextBox2.Text = ""

                    End If

                End If
            End If

            con.Close()

  Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try
    End Sub

Posted 18-May-15 17:30pm

veena15

Updated 18-May-15 17:52pm

RajeeshMenoth

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Afzaal Ahmad Zeeshan · Answer 1 · 2015-05-18T18:07:00

The solution to it is obvious. You are running an SQL command which is supposed to select the user where the conditions are met. Otherwise the results won't be presented to you.

After executing all of the statements, you are looking into the data reader to check for another column value of that user. Which is, "userType".

You should know that if there is no record found then the value is not matched with either admin or user. That is why, you will always get this message. I know you cannot minimize this error, and so there is no solution. Unless there is a result in the database for this query, and the user would not be matched. To ensure that this error doesn't show up again, make sure,

You have at least one record in your database table
User and password fields are matching with the input you provide (for testing)
userType field is also either "admin" or "user"

Then I believe that this code would work and would return the result that you want to see.

Tip: Never stored passwords in plain-text. Hash them and store the hash in the database.

Edit

The problem is that you have replaced the value... In the query if you look,

VB

Dim rs As New SqlCommand("SELECT * FROM [user] WHERE username='" & TextBox1.Text & "' AND passw='" & TextBox2.Text & "'", con)
 
Dim usernameParam As New SqlParameter("username", Me.TextBox1.Text)
Dim passwordParam As New SqlParameter("passw", Me.TextBox2.Text)

You meant to write the query this way,

VB

Dim rs As New SqlCommand("SELECT * FROM [user] WHERE username=@0 AND passw=@1", con)
 
Dim usernameParam As New SqlParameter("0", Me.TextBox1.Text)
Dim passwordParam As New SqlParameter("1", Me.TextBox2.Text)

This is the parameterized query. Which is now going to be passed as the value for the condition. Run the query now and see the result.