First: Don't use string concatenation to build your SQL queries!
A few more issues:
- "usernametxtbox" and "passwordtxtbox" probably result in something like "System.Windows.Forms.TextBox" instead of the actual value. Make sure you access the "Text" property of those objects to get the value stored inside them.
- There is no need for a DataTable or an SqlDataAdapter.
- Make sure you dispose of the Sql-objects if you're done (else you might run into memory leaks)
Go with something like this (using "using" will make sure the objects are disposed)
// Requires: using System.Data; using System.Data.SqlClient;
using (var con = new SqlConnection(@"Data Source=SAJJAD-PC;Initial Catalog=hotel;Integrated Security=True;")) {
    con.Open();
    using (var cmd = con.CreateCommand()) {
        // Parameter placeholders keep user input out of the SQL text
        cmd.CommandText = "SELECT COUNT(*) FROM login WHERE username=@username AND password=@password";
        cmd.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = usernametxtbox.Text;
        cmd.Parameters.Add("@password", SqlDbType.VarChar, 50).Value = passwordtxtbox.Text;
        var result = (int)cmd.ExecuteScalar();
        if (result == 1) {
            // Exactly one matching row: login succeeded
        } else {
            // No matching row (or duplicates): login failed
        }
    }
}
|
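The difference between a concatenated query and the parameterized one in the answer above, as an added example that is not part of the original thread. It uses Python's sqlite3 with an in-memory database in place of SQL Server so it runs without a server; the sample rows, function names and test inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the thread's `login` table (constructed sample rows)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE login (username TEXT, password TEXT)")
    con.executemany("INSERT INTO login VALUES (?, ?)",
                    [("alice", "s3cret"), ("o'brien", "hunter2")])
    return con

def login_concat(con, username, password):
    """BEFORE: input is pasted into the SQL text, so a quote in it becomes syntax."""
    sql = ("SELECT COUNT(*) FROM login WHERE username='" + username +
           "' AND password='" + password + "'")
    return con.execute(sql).fetchone()[0] > 0

def login_param(con, username, password):
    """AFTER: placeholders keep the values out of the SQL text entirely."""
    sql = "SELECT COUNT(*) FROM login WHERE username=? AND password=?"
    return con.execute(sql, (username, password)).fetchone()[0] == 1

def compare(username, password):
    """Return (concat_result, param_result); "error" means the SQL failed to parse."""
    con = make_db()
    try:
        concat = login_concat(con, username, password)
    except sqlite3.OperationalError:
        concat = "error"
    return concat, login_param(con, username, password)

if __name__ == "__main__":
    cases = [("alice", "s3cret"),          # valid login
             ("alice", "wrong"),           # wrong password
             ("o'brien", "hunter2"),       # legitimate apostrophe in the name
             ("alice", "x' OR '1'='1")]    # constructed regression input
    for user, pw in cases:
        print(repr(user), repr(pw), compare(user, pw))
```

The last two cases are the ones worth keeping as regression tests: the concatenated version breaks on a legitimate apostrophe and accepts a wrong password that contains quotes, while the parameterized version treats both inputs as plain data.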
|
I think usernametxtbox and passwordtxtbox are your text box controls. Use usernametxtbox.Text.ToString().Trim() and passwordtxtbox.Text.ToString().Trim().
And if you have more than one record with the same username and password, then the row count will be greater than 1, and in this condition
login will fail. So you need to check what the table returns from the database.
|
HUKUMAT RAY KUMAWAT wrote: usernametxtbox.Text.ToString()
Why do you want to call ToString() on a property that is already a string?
|
I should refresh my page more often
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
I posted that message, and got the response "It appears that this message has already been posted". So I refreshed and refreshed, but it never appeared. I think it got lost somewhere deep in the cloud for a while.
|
Two possibilities:
1) It went to moderation.
2) It had a hash value that matched an existing message in the CP database. I've had this before and the suggestion from Chris was "Go and buy a lottery ticket!"
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
OriginalGriff wrote: It went to moderation.
Why not state that then, instead of acting like it has already been posted? Technically it may be correct, since it is posted - but it is not very informative.
OriginalGriff wrote: It had a hash value that matched an existing message in the CP database.
..assuming a hash-collision; that does not mean that the message has been posted. It means that two hashes collide. In that case, one does a more detailed compare.
|
Eddy Vluggen wrote: Why not state that then
Because you don't want to give spammers any ideas as to what triggers the automated spam detector - any more than you should say "incorrect password" instead of "the username and password combination was not found".
Eddy Vluggen wrote: In that case, one does a more detailed compare.
Take that up with the Hamsters!
|
OriginalGriff wrote: any more than you should say "incorrect password" instead of "the username and password combination was not found".
Always found that a ridiculous notion.
Especially after Windows shows you pictures with names of each account you can use to log in. Aw, it might be a good idea to hide that information if you have an API that can handle over a thousand requests per minute; that would in itself be a bigger problem.
Ergo, if you have to rely on "not telling whether the username exists", then you are already on your way to trouble.
|
Eddy Vluggen wrote: Especially after Windows shows you pictures with names of each account you can use
Only if you set it up like that.
|
The username is not part of the secret; it is merely an identification, one that is also used outside of the login-process.
Again, would only be helpful if you are protecting against a flood of trial-and-error logins, in which case your design is flawed anyway.
--edit
I find this an amusing discussion, given that most smartphones do not even ask which user they are dealing with
|
Smartphones generally only have one user account, and it's protected by a PIN - if you set it up that way. It's only when you get to real multi-user systems (Unix, Linux, MVS etc.) that this really becomes an issue.
|
Why is the name of the one user not asked? Because it is not part of the secret.
One can often GUESS the usernames from the email addresses a company uses. Is that really our way of "thinking" about security?
|
Richard MacCutchan wrote: It's only when you get to real multi-user systems (Unix, Linux, MVS etc.) that this really becomes an issue.
And anything online...
|
OriginalGriff wrote: And anything online.
Nah, we know online systems are secure, so you can give them all your details in the knowledge that none of it will ever leak out. Might get sold to some scammers though.
|
Probably number 1, and I should have gone to Home and checked.
Actually (probably) not. If it goes to moderation then I get an email notification.
|
Get the ticket anyway - it's a rollover tomorrow!
(I have to, Herself insists... )
|
I would not recommend ToString-ing the contents of the Text property. It is already a string, but if it contains "null", then it would blow.
I'd also advise against the "trim". If my password ends in a space, then you are not to remove it.
|
Hi, I added a new dataset named "DataSet1" from the dataset designer to my application.
I added one table named "BinTable" from my database.mdf to this dataset by dragging the table.
I want to add 100 rows to my table. It works when I run the program, but when I close it, the changes are not saved in my database.
Please help me.
Here is the code:
DataSet1TableAdapters.BinTableTableAdapter Adapter = new DataSet1TableAdapters.BinTableTableAdapter();
// Insert 100 rows (i = 1..100)
for (int i = 1; i <= 100; i++)
    Adapter.Insert(i, 100, 100, 100, 100);
// Read the table back to check the inserted rows
DataSet1.BinTableDataTable dt = new DataSet1.BinTableDataTable();
Adapter.Fill(dt);
foreach (DataRow row in dt.Rows)
{
}
modified 3-Aug-15 4:18am.
|
Thank You I Found My Answer;)
|
Would be nice if you shared your solution so that everyone can learn from it.
|
Hi,
How do I get only the numbers from a string?
For example:
abcde123.45po => 123.45
ab, 098,zx => 98
Thanks
|
Try a regex:
\d+(\.\d+)?
Should do it.