Before you start adding onto your application, I would highly recommend that you review what you currently have.
Just in the first 3 lines of code I see several problems: Vulnerable, Insecure, and Inefficient. I would find either of the first 2 to be grounds for termination.
Vulnerability Reduction: To reduce your chance of SQL Injection attacks, I would recommend
parameterization of all your commands. Here is a quick sample based on your first line:
// The user-supplied value travels as a parameter, never as part of the SQL text
string cmdtxt = "SELECT Count(*) FROM tbluser1 WHERE username=@username";
SqlCommand cmd = new SqlCommand(cmdtxt, sqlcon); // sqlcon: your open SqlConnection
cmd.Parameters.AddWithValue("@username", txtusername.Text.Trim());
Security Strengthening: You should never store passwords in plain-text. You should implement some method of
hashing to protect them. This will require much more than a quick answer though. I would recommend reading the articles here and elsewhere on the topic. I have worked with implementations of bCrypt and would consider this acceptable as well.
Password Storage: How to do it.
Use BCrypt to Hash Your Passwords: Example for C# and SQL Server (Rob Kraft's Software Development Blog)
Seems minor, but for efficiency's sake use the simplest objects/methods needed. Line #1 of your script was creating a SqlDataAdapter which fed a DataTable, and then you checked position [0][0] for the one value in that multidimensional object. Your command only returns 1 value; never more, and never less. If you go back to the Vulnerability paragraph you will see I changed it to a SqlCommand. You can simply execute that as a Scalar function, which only returns the one value:
// ExecuteScalar returns the first column of the first row; COUNT(*) is an int in SQL Server
int Matches = (int)cmd.ExecuteScalar();
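The three points above (parameterize the query, use ExecuteScalar for a single value, store a bcrypt hash instead of the plain-text password) fit together in one login routine. The following C# is an added example, not code from the answer above or from the asker's application. It assumes the NuGet packages Microsoft.Data.SqlClient and BCrypt.Net-Next, a tbluser1 table with columns username (nvarchar) and password_hash (varchar(60)), and a connection string supplied by the caller; the column name, the work factor and the dummy-hash trick are assumptions, not anything stated on the page.

```csharp
// Added example (not from the original answer). Assumed: NuGet packages
// Microsoft.Data.SqlClient and BCrypt.Net-Next; table tbluser1 with columns
// username (nvarchar(50)) and password_hash (varchar(60)); caller supplies the
// connection string.
using System;
using System.Data;
using Microsoft.Data.SqlClient;

public static class UserStore
{
    // A valid bcrypt hash of a throwaway string, used only so that an unknown
    // username costs the same time as a wrong password (assumption: work factor 12).
    private static readonly string DummyHash =
        BCrypt.Net.BCrypt.HashPassword("placeholder", workFactor: 12);

    // Registration: hash once with a per-user salt and a work factor, store the
    // hash only. The plain-text password never reaches the database.
    public static void CreateUser(string connectionString, string username, string password)
    {
        // Work factor 12 is an assumption; raise it as hardware gets faster.
        string hash = BCrypt.Net.BCrypt.HashPassword(password, workFactor: 12);

        using var conn = new SqlConnection(connectionString);
        conn.Open();
        using var cmd = new SqlCommand(
            "INSERT INTO tbluser1 (username, password_hash) VALUES (@username, @hash)", conn);
        // Explicit types instead of AddWithValue: no guessing between NVARCHAR
        // and VARCHAR, so the column's index stays usable and lengths are bounded.
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username.Trim();
        cmd.Parameters.Add("@hash", SqlDbType.VarChar, 60).Value = hash;
        cmd.ExecuteNonQuery();
    }

    // Login: fetch the stored hash by username with a parameterized query (an
    // input such as  ' OR '1'='1  is just a string that matches nobody) and let
    // bcrypt do the comparison.
    public static bool VerifyLogin(string connectionString, string username, string password)
    {
        using var conn = new SqlConnection(connectionString);
        conn.Open();
        using var cmd = new SqlCommand(
            "SELECT password_hash FROM tbluser1 WHERE username = @username", conn);
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username.Trim();

        // One value, never more: ExecuteScalar gives the first column of the
        // first row, null when there is no row, DBNull if the column is NULL.
        object result = cmd.ExecuteScalar();
        if (result is not string storedHash)
        {
            // Unknown user: still run a verify so response time does not reveal
            // whether the username exists.
            BCrypt.Net.BCrypt.Verify(password, DummyHash);
            return false;
        }
        return BCrypt.Net.BCrypt.Verify(password, storedHash);
    }
}
```

CreateUser is what a registration page calls; VerifyLogin replaces a "count the rows where username and password match" query, because with hashed passwords the database can no longer compare the password itself, only the application can, after retrieving the stored hash.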