(I want that when I am entering user name and password, it should only allow login if the username and password are present in the database table)
C#
private void button1_Click_1(object sender, EventArgs e)
 {
     SqlConnection con = new SqlConnection();
     con.ConnectionString=@"data source=ABHINAV-PC\ABHI;integrated security=true;initial catalog=ATM";
     con.Open();
     SqlDataAdapter ds = new SqlDataAdapter("select * from adminlogin WHERE UserName='" + textBox1.Text + "' and Password='" + textBox2.Text + "'", con);
     if ((textBox1.Text == "") || (textBox2.Text == ""))
     {
         MessageBox.Show("please enter username and password");
     }

     if (ds.Equals(con)==true)
     {
         Administrator_Home ah = new Administrator_Home();
         ah.Show();
     }
     else
         MessageBox.Show("invalid username or password");
 }
Updated 11-Mar-14 4:08am

Go for Error Provider.

See the complete article:
Error Provider Control in Windows Application Form

-KR
 
 
Comments
Abhinav Chaudhary 11-Mar-14 10:15am    
Okay thanks, I'll try it
Abhinav Chaudhary 11-Mar-14 10:30am    
Is there any problem in my code?
Sergey Alexandrovich Kryukov 11-Mar-14 10:39am    
I do. Your code is unacceptable. Please see my answer.
—SA
Abhinav Chaudhary 11-Mar-14 10:32am    
Which changes should I make in my code?
Sergey Alexandrovich Kryukov 11-Mar-14 10:40am    
Throw it out, write it the way I advised.
—SA
No, your code is hardly acceptable. You are storing the password in the database and comparing it with input. This is bad. Storing a password anywhere is unsafe and is not needed at all.

Surprised? Disagree? Then please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it,
storing password value int sql server with secure way,
Decryption of Encrypted Password.

Another thing which is bad in principle is your query, which you compose by concatenation with strings from the UI. Haven't you ever heard of the very elementary exploit called "SQL Injection"?

This is how: http://xkcd.com/327.

See also: http://en.wikipedia.org/wiki/SQL_injection.

Please see my past answers:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

You really need to use parametrized statements: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

—SA
 
 
Comments
Abhinav Chaudhary 11-Mar-14 10:53am    
Thank you sir, can you please post an example of that code?
Sergey Alexandrovich Kryukov 11-Mar-14 11:06am    
It would be too much. I gave you all the links you need to write such code.

For password cache, use, say, one of the SHA-2 (SHA256 or SHA512) algorithms available here: http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm%28v=vs.110%29.aspx. Don't use MD5 or any of the SHA-1; they are found to be unsafe.

Last link for using parameterized queries. This is all you need. Nothing overly hard.

As you are the most interested party here, please write this code by yourself and ask questions if you have problems.

—SA
Abhinav Chaudhary 11-Mar-14 12:47pm    
Sir, I just want a normal code... I don't need an encryption... please post a normal code
Sergey Alexandrovich Kryukov 11-Mar-14 12:55pm    
Excuse me, who told you about encryption?!

Let me explain why I don't want to develop a code sample for you. Of course, it will take too much of my time; and I am not the most interested person, you are. There is another, more serious reason. If you don't want to start working hard at your code, or you cannot, and expect a full solution from me, how can I trust you? How can I hope that, having my code sample, you will be able to use it?

Please understand, nobody wants to spend too much time, but, more importantly, nobody wants to waste time.

This is the serious reason why you should start writing your own code 1) storing cryptographic cache instead of password and comparing cache to cache, 2) using parametrized query; 3) learning how to write code all by yourself.

Thank you for understanding.

—SA
Abhinav Chaudhary 11-Mar-14 13:05pm    
You are right sir, I'll solve it... Thanks for the help... and please help me.
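
An added example, not part of the original thread and not code from any poster: the login check rewritten along the lines the second answer recommends, with a parameterized query and a stored salted hash compared against a hash of the input. It uses PBKDF2 with HMAC-SHA256 (an iterated, salted construction built on the SHA-2 family) rather than a single SHA-256 pass. The `PasswordSalt` and `PasswordHash` columns, the `AdminLogin` class, the iteration count and the 50-character username limit are assumptions, and the `Rfc2898DeriveBytes` overload used requires .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class AdminLogin   // hypothetical helper class
{
    const int Iterations = 100000;  // assumed work factor; tune for your hardware
    const int HashBytes = 32;

    // Random per-user salt, generated once when the account is created.
    public static byte[] NewSalt()
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return salt;
    }

    // The value stored in PasswordHash; the password itself is never stored.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Compares every byte so the running time does not depend on where the arrays differ.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static bool Verify(string connectionString, string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return false;
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT PasswordSalt, PasswordHash FROM adminlogin WHERE UserName = @user", con))
        {
            // The user name travels as data, never as part of the SQL text.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = userName;
            con.Open();
            using (var rdr = cmd.ExecuteReader())
            {
                if (!rdr.Read()) return false;  // no such user
                var salt = (byte[])rdr["PasswordSalt"];
                var stored = (byte[])rdr["PasswordHash"];
                return FixedTimeEquals(HashPassword(password, salt), stored);
            }
        }
    }
}
```

In the click handler, call `AdminLogin.Verify` with the connection string, `textBox1.Text` and `textBox2.Text`, and show `Administrator_Home` only when it returns true.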

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


