Hi,


I have a username text box and a password text box in a C# web application. I have a SQL table "Login" which contains username and password. How do I validate whether the username or password exists in the SQL table?

Thanks in advance
Comments
Sampath Lokuge 11-Dec-13 5:23am    
Are you using any encryption for the password when it is stored in the db?
Member 10234093 11-Dec-13 5:25am    
yes.

Start by looking at this: Password Storage: How to do it.[^] - it doesn't cover storing or retrieving the data from the database, but that is the trivial bit:
C#
using (SqlConnection con = new SqlConnection(strConnect))
{
    con.Open();
    // Parameterised lookup: the user name is passed as data, never concatenated into the SQL text.
    using (SqlCommand cmd = new SqlCommand("SELECT password FROM myTable WHERE username=@UN", con))
    {
        cmd.Parameters.AddWithValue("@UN", txtUserName.Text);
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (reader.Read())
            {
                // Stored password hash bytes for this user.
                byte[] psw = (byte[])reader["password"];
                // ... Check as in the Tip
            }
        }
    }
}
 
Share this answer
 
Comments
BobJanova 11-Dec-13 5:37am    
I often find it more convenient to store the hex string for the hash because then you can just do a 'where username=@1 and password=@2' with strings which is easy. This does require that the connection between web application and database is secure (as the actual hash used to log in is sent) but that's usually a given.
OriginalGriff 11-Dec-13 5:45am    
It's a bit more convenient, but you still need code to generate the hex string, so it's six of one and half a dozen of the other I guess! :laugh:
You can check this also (of course, apart from the answer Griff already gave):

checking-if-username-already-exists-within-the-databasae[^]
 
Share this answer
 
How about doing a query? You can do a SELECT combined with WHERE and see what it returns: if there is data, both exist; if not... they are not in the table.

http://www.w3schools.com/sql/sql_where.asp[^]
 
Share this answer
 
Hi
Try this simple code ..


C#
string usename = txtusername.Text;
string password = txtpassword.Text;

SqlDataAdapter sqlAdapter;
SqlCommand sqlCmd = new SqlCommand();
SqlConnection objConn = new SqlConnection();

objConn.ConnectionString = "your connection string";
DataTable tbl = new DataTable();

try
{
    objConn.Open();
    sqlCmd.Connection = objConn;
    sqlCmd.CommandTimeout = 30;
    // The query text is built by string formatting and compares the stored password directly.
    sqlCmd.CommandText =
        string.Format("select count(*) as count from Login where username ='{0}' and password = '{1}' ", usename, password);

    sqlAdapter = new SqlDataAdapter(sqlCmd);
    sqlAdapter.Fill(tbl);
    sqlCmd.Dispose();

    // count(*) always returns exactly one row, so test the count value, not the number of rows.
    if (tbl.Rows.Count > 0 && Convert.ToInt32(tbl.Rows[0]["count"]) > 0)
    {
        lbl.Text = "Successful login";
    }
    else
        lbl.Text = "Invalid Credentials";
}
finally
{
    // Close the connection whether or not the query succeeded.
    objConn.Close();
}
 
Share this answer
 
Comments
Member 10234093 11-Dec-13 5:51am    
Suppose I want to check only the user name; is the error message "Invalid credentials" OK? Suppose I entered a wrong user name and the correct password; is the above error message "Invalid Credentials" OK?
Karthik_Mahalingam 11-Dec-13 6:57am    
Yes, it should be like that..
It will be valid if both the entries are right...
BobJanova 11-Dec-13 13:06pm    
Downvoting because you are encouraging the storage of the password in plain text in the database. Please read Griff's article linked from his answer about why that's a very bad thing.

Also, because you aren't using parameterised queries so you are open to SQL injection, which is a really bad thing.

Put together, implementing a site with a login mechanism as you have put here is a major security risk: with a small amount of guesswork a malicious attacker can create a user for himself, delete all existing users and generally destroy your data. Although this particular exploit doesn't provide a way to read data from the database, if you write code like this you will undoubtedly be providing read-write SQL injection opportunities as well.
Karthik_Mahalingam 11-Dec-13 13:31pm    
OK, I agree. You should have commented as a suggestion or warning, instead of downvoting.. :(

Using LINQ to SQL, try with this:

C#
protected void btnLogin_Click(object sender, EventArgs e)
{
    EventManagerDataContext db = new EventManagerDataContext();

    var result = (from row in db.EMR_CLIENTs
                  where row.Name == txtUserName.Value.ToString() && row.Password == txtPassword.Value.ToString()
                  select row).ToList();

    if (result.Count() != 0)
    {
        Session["clientname"] = txtUserName.Value;
        Response.Redirect("DefaultClient.aspx");
    }
    else
    {
        lblMsg.Text = "Invalid username or password";
        this.lblMsg.ForeColor = Color.Red;
    }
}
 
Share this answer
 
Comments
BobJanova 11-Dec-13 13:09pm    
Downvoting because you are encouraging the storage of the password in plain text in the database. Please read Griff's article linked from his answer about why that's a very bad thing.
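
An added example, not code from any poster on this page or from the linked tip: the parameterised lookup from the first answer completed with a salted-hash check, which is also the non-plaintext, non-concatenated form the comments on the later answers ask for. The `salt` and `password_hash` VARBINARY columns, the PBKDF2 parameters and the `LoginCheck` names are assumptions, and PBKDF2 is swapped in here rather than taken from the tip; it needs .NET 6 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck   // hypothetical helper, not from the page
{
    const int SaltSize = 16, HashSize = 32, Iterations = 210_000; // assumed parameters

    // Run at registration or password change; store both values as VARBINARY.
    public static (byte[] Salt, byte[] Hash) HashNewPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        return (salt, Derive(password, salt));
    }

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);

    // Recompute the hash from the stored salt and compare in constant time.
    public static bool Verify(string password, byte[] salt, byte[] storedHash) =>
        CryptographicOperations.FixedTimeEquals(Derive(password, salt), storedHash);

    // True only when the user exists AND the password matches. The caller shows
    // one generic "Invalid credentials" message for every false result.
    public static bool IsValidLogin(string connectionString, string userName, string password)
    {
        // Dummy values used when the user name is not found.
        byte[] salt = new byte[SaltSize], hash = new byte[HashSize];
        bool found = false;
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT salt, password_hash FROM Login WHERE username = @UN", con))
        {
            // Typed parameter: the user name is sent as data, never as SQL text.
            cmd.Parameters.Add("@UN", SqlDbType.NVarChar, 256).Value = userName;
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    salt = (byte[])reader["salt"];
                    hash = (byte[])reader["password_hash"];
                    found = true;
                }
            }
        }
        // Always derive, so an unknown user costs the same time as a wrong password.
        return Verify(password, salt, hash) & found;
    }
}
```

Only the salt and the derived hash are stored, so the plaintext password never reaches the database, and a wrong user name and a wrong password produce the same result.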

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
