simple login form

resonance

Hello,
I want to create a simple login form that includes two textboxes and a
button, and compares the values in the textboxes with the values that are in
an Access database. But I get this message: "No value given for one or more
required parameters."
Can anyone help me?
Thank you...

The code is below:
sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
tbUserName.Text.ToString() + "AND [user].[password]=" +
tbUserName.Text.ToString()+ ");";

conn = new OleDbConnection(AccessDataSource1.ConnectionString);
conn.Open();
komut = new OleDbCommand(sql, conn);
Label2.Text=sql;
veri = komut.ExecuteReader();
if (veri.Read())
{
lblMessage.Text = "ok";
}
else
{
lblMessage.Text = " Invalid username or password!";
}
conn.Close();
 
Manish Agarwal

Your query seems wrong to me.

sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
tbUserName.Text.ToString() + "AND [user].[password]=" +
tbUserName.Text.ToString()+ ");";

In this you are using tbUserName for password too.

Regards,
Manish Agarwal
 
resonance

When I tried only the username in the SQL, I got the same message, too. I cannot
use the value in the textbox in my SQL statement.

 
resonance

I have solved my problem by editing the SQL statement and the if statement.
Thank you Manish Agarwal...

sql = "SELECT password FROM [user] WHERE [username]='" +
tbUserName.Text.ToString() + "';";
conn = new OleDbConnection(AccessDataSource1.ConnectionString);
conn.Open();
komut = new OleDbCommand(sql, conn);

veri = komut.ExecuteReader();
if (veri.Read())
{

if (veri[0].ToString()==tbPassword.Text)
{
lblMessage.Text = "ok";
}
else
{
lblMessage.Text = " Invalid username or password!";
}
}

conn.Close();
 
J.B. Moreno

resonance said:
sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
tbUserName.Text.ToString() + "AND [user].[password]=" +
tbUserName.Text.ToString()+ ");";

I see three problems with this code.
1) You aren't using parameters, leaving you open to SQL injection.
2) You appear to be using and storing the password; you should never
do that. Instead store and compare a hash of the password.
3) You are using tbUserName.Text for the password.

(A fourth problem is relatively minor: the .Text value is already a
string, so using ToString on it is redundant.)
 
Arne Vajhøj

I have solved my problem by editing the SQL statement and the if statement.
sql = "SELECT password FROM [user] WHERE [username]='" +
tbUserName.Text.ToString() + "';";
conn = new OleDbConnection(AccessDataSource1.ConnectionString);
conn.Open();
komut = new OleDbCommand(sql, conn);

veri = komut.ExecuteReader();
if (veri.Read())
{

if (veri[0].ToString()==tbPassword.Text)
{
lblMessage.Text = "ok";
}
else
{
lblMessage.Text = " Invalid username or password!";
}
}

conn.Close();

This is not good code.

1) you should pick table and field names that allow you to omit
the [] because they are not portable among all OLE DB databases
2) you do not get the connection closed in case of an exception
3) you are easy prey for SQL injection (look it up if you don't
know what it is)
4) The .ToString()'s are unnecessary
5) The trailing semicolon is unnecessary
6) Given that you only want one row and one field, then you
could simplify quite a bit using ExecuteScalar instead
of ExecuteReader

Arne
 
