when I login in asp.net it say wrong password

Question

1.00/5 (1 vote)

See more:

C#

protected void btnLogin_Click(object sender, EventArgs e)
{
   SqlDataAdapter da = new SqlDataAdapter("select * from users where username='" + txtUserName.TemplateControl + "' and password='" + txtPswrd.Text + "'", con);
   DataSet ds = new DataSet();
   da.Fill(ds, "users");
   try
   {
      con.Open();
      da.Fill(ds);			
      if (ds.Tables[0].Rows.Count > 0)
         Response.Redirect("home.aspx");
      else
         Label1.Text = " wrong pswd";
   }
   catch (Exception err){}
}

Posted 10-Jan-13 0:04am

Gilbertinino

Updated 10-Jan-13 10:57am

fjdiewornncalwe

v2

Add a Solution

Comments

[no name] 10-Jan-13 6:08am

so, what we do for this...?

Rai Pawan 10-Jan-13 6:09am

your query seems to have wrong username parameter value i.e., instead of txtUserName.TemplateControl you should be using txtUserName.Text
- Pawan

willempipi 10-Jan-13 6:14am

Rai, why not post it as an answer?

Anyways Gilbertinino, this code will allow sql injection, use parameters to specify the email and password.

sarathsprakash 10-Jan-13 6:17am

txtUserName.TemplateControl you should be using txtUserName.Text

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Rai Pawan · Answer 1 · 2013-01-10T01:35:00

Solution 2

your query seems to have wrong username parameter value i.e., instead of txtUserName.TemplateControl you should be using txtUserName.Text

Also please read on to see how to use sqlparameters as your current code can be a victim of sql injections.

Regards
Pawan

Posted 10-Jan-13 1:35am

Rai Pawan

sarathsprakash · Answer 2 · 2013-01-10T00:17:00

Solution 1

txtUserName.TemplateControl you should be using txtUserName.Text

Posted 10-Jan-13 0:17am

sarathsprakash

AshishChaudha · Answer 3 · 2013-01-10T17:21:00

Solution 3

You query should be like following

C#

SqlDataAdapter da = new SqlDataAdapter("select * from users where username='" + txtUserName.Text.Trim() + "' and password='" + txtPswrd.Text.Trim() + "'", con);

Note: Use parameterized query for better performance and security purpose
Thanks

Posted 10-Jan-13 17:21pm

AshishChaudha