Problem in login form

Question

0.00/5 (No votes)

See more:

C#

string MyconString = "SERVER=localhost;" +
                                         "DATABASE=record;" +
                                         "UID=testuser;" +
                                         "PASSWORD=testpaswd;";
           MySqlConnection connection = new MySqlConnection(MyconString);
           MySqlCommand command = connection.CreateCommand();

           // command.CommandText = "SELECT * FROM users";
           command.CommandText = "SELECT DISTINCT * FROM users WHERE name='" +
                             data[0] + "'AND password='" + data[1] + "'";

           MySqlDataReader myreader = null;
           try
           {
               connection.Open();
               myreader = command.ExecuteReader();
               while (myreader.Read())
               {
                   string name_stored = (myreader["name"].ToString());
                   string paswd_stored = (myreader["password"].ToString());
                   string camID_stored = (myreader["cam_ID"].ToString());
                 
                   if (data[0].Equals(name_stored) && data[1].Equals(paswd_stored))
                   {
                       Console.WriteLine("Log in successfull");  
                   }
                else
                   {
                       Console.WriteLine("Log in Failed. . . ");
                   }                                  
               }
               connection.Close();
           }           
           catch(Exception eo)
               {
                   Console.WriteLine(eo.ToString());
               
               }

Q: This is login module code for my application. problem is that when i enter a incorrect user name and password it gets stuck and else condition for wrong user name and password do not execute.

Posted 24-Mar-11 4:15am

SR.Rizwan

Updated 24-Mar-11 4:18am

Sandeep Mewara

v2

Add a Solution

Comments

Sandeep Mewara 24-Mar-11 10:24am

Why not? All looks ok. Just a Console.WriteLine. Did you debug?

Tarun.K.S 24-Mar-11 10:36am

Its a simple mistake that OP made. Look at the command.

Sandeep Mewara 24-Mar-11 10:37am

Thanks. :)

BTW, This simply means he did not DEBUG even once! :doh:

Tarun.K.S 24-Mar-11 10:38am

True!

4 solutions

Solution 1

The problem is that the data reader will come back empty if the username or password entered are not in the database. Therefore your while loop will not execute at all.

Posted 24-Mar-11 4:33am

Wayne Gaylard

Comments

Dalek Dave 24-Mar-11 10:35am

Spot on.

#realJSOP 24-Mar-11 10:45am

Proposed as answer

Solution 2

Well I'm not surprised: you only retrieve records from the database which match you login name and password. So, if you enter a bad password, it will retrieve no records, and will not enter the while loop to check anything.

BTW: don't access your DB like that: you are leaving yourself wide open to an SQL Injection attack. Use parametrized queries instead:

C#

command.CommandText = "SELECT DISTINCT * FROM users WHERE name=@NM AND password=@PW";
command.Parameters.AddWithValue("@NM", data[0]);
command.Parameters.AddWithValue("@PW", data[1]);

Posted 24-Mar-11 4:35am

OriginalGriff

Solution 4

Try If(myReader.read) in the place of While(myReader.read).

Posted 25-Mar-11 0:43am

Gopi9999

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Tarun.K.S · Accepted Answer · 2011-03-24T04:35:00

The problem lies in the Command :

SQL

command.CommandText = "SELECT DISTINCT * FROM users WHERE name='" +
                             data[0] + "'AND password='" + data[1] + "'";

Remove the WHERE condition, so that the command can retrieve all the Names and passwords. Then in the while loop, you can compare data[0] with name and data[1] with password and not in the command.

Just put the command simply like this :

SQL

command.CommandText = "SELECT DISTINCT * FROM users;

Hope it helped!