validate entries using an sql table

**debasisdas** · Jul 23 '08, 08:59 AM

try to use

Select count(*) from tbl_LoginIDsets where user_name='user name' and password='passw ord'

if this query returns 1 then proceed further and login else reprompt for the correct username and password.

**r035198x** · Jul 23 '08, 09:17 AM

You didn't check for the entered username and password.

**BlackEye** · Jul 24 '08, 07:19 AM

Originally posted by debasisdas

try to use

Select count(*) from tbl_LoginIDsets where user_name='user name' and password='passw ord'

if this query returns 1 then proceed further and login else reprompt for the correct username and password.

i have now tried the following code:

Code:

        SqlConnection myConnection = new SqlConnection("data source=myPC;database=myDB;uid=abc;password=abc123");

        myConnection.Open();

        Response.Write(ConnectionState.Open);
        
        DataSet dsFillData = new DataSet();

        SqlCommand cmdobj = new SqlCommand("Select * from tbl_LoginIDsets", myConnection);

        cmdobj.CommandType = CommandType.Text;

    
        SqlDataAdapter daAdapter = new SqlDataAdapter(cmdobj);

 
        daAdapter.Fill(dsFillData);
       
        SqlDataReader dr = null;
        
        SqlCommand cmd = new SqlCommand("Select * from tbl_LoginIDsets where LoginID = " +UserName +"and Password = " +Password, myConnection);
       
              
        [U]dr = cmd.ExecuteReader();[/U]
	            if(dr.Read())
                {
                    Response.Write("Valid User");
                }
	            else
                {
                    Response.Write("Invalid User");
                }

    }
}

the command which i have underlined is giving the following error:
[Incorrect syntax near 'Password'.]

can you pls guide me where am i going wrong now? i'll be greatful.

**r035198x** · Jul 24 '08, 07:43 AM

You are missing some spaces e.g before "and Password = " needs to be " and Password = " ...
You need quotes around varchar type values.

**BlackEye** · Jul 24 '08, 09:09 AM

Originally posted by r035198x

You are missing some spaces e.g before "and Password = " needs to be " and Password = " ...
You need quotes around varchar type values.

i have iserted the spaces u suggested. the error hsa now changed to:
[The multi-part identifier "System.Web.UI. WebControls.Tex tBox" could not be bound.]
the error is still on the same line.

**r035198x** · Jul 24 '08, 09:26 AM

Originally posted by BlackEye

i have iserted the spaces u suggested. the error hsa now changed to:
[The multi-part identifier "System.Web.UI. WebControls.Tex tBox" could not be bound.]
the error is still on the same line.

In your code, where are Password and UserName values coming from?

**BlackEye** · Jul 24 '08, 09:49 AM

Originally posted by r035198x

In your code, where are Password and UserName values coming from?

the user and password values are entered by the user who wants to log in.
these values are to be validated from existing values in a table with feilds LoginID and Password

**r035198x** · Jul 24 '08, 10:02 AM

Post the full code that you used ...

**BlackEye** · Jul 25 '08, 06:26 AM

Originally posted by r035198x

Post the full code that you used ...

this is my complete code:

Code:

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {
        
    }

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        SqlConnection myConnection = new SqlConnection("data source=myPC;database=myDB;uid=abc;password=abc123");

        myConnection.Open();

        Response.Write(ConnectionState.Open);
        
        DataSet dsFillData = new DataSet();

        SqlCommand cmdobj = new SqlCommand("Select * from tbl_LoginIDsets", myConnection);

        cmdobj.CommandType = CommandType.Text;

    
        SqlDataAdapter daAdapter = new SqlDataAdapter(cmdobj);

 
        daAdapter.Fill(dsFillData);
       
        SqlDataReader dr = null;
        
        SqlCommand cmd = new SqlCommand("Select * from tbl_LoginIDsets where LoginID = " +UserName +" and Password = " +Password, myConnection);
       
              
        dr = cmd.ExecuteReader();
	            if(dr.Read())
                {
                    Response.Write("Valid User");
                }
	            else
                {
                    Response.Write("Invalid User");
                }

    }
}

could there be a problem in my connection? i'm just guessing though, because if i try to display my connection status it does say "open".

**r035198x** · Jul 25 '08, 06:54 AM

Originally posted by BlackEye

...

Code:

        DataSet dsFillData = new DataSet();
SqlCommand cmdobj = new SqlCommand("Select * from tbl_LoginIDsets", myConnection);
cmdobj.CommandType = CommandType.Text;
SqlDataAdapter daAdapter = new SqlDataAdapter(cmdobj);
daAdapter.Fill(dsFillData);

1.) What is the code above doing in there?
2.) What are the names of the controls where the user enters the username and password?

**BlackEye** · Jul 25 '08, 07:17 AM

Originally posted by r035198x

1.) What is the code above doing in there?
2.) What are the names of the controls where the user enters the username and password?

1.) this code is supposed to fetch data from the table and fill the data set with this data using a data adapter (at least that is what i aimed to do, let me know if i am wrong)

2.) the user enters username and password into textboxes whose ID's are UserName and Password respectively

**r035198x** · Jul 25 '08, 07:32 AM

Originally posted by BlackEye

2.) the user enters username and password into textboxes whose ID's are UserName and Password respectively

Then to get the text entered you need to use UserName.Text and Password.Text not just UserName or Password.

**BlackEye** · Jul 25 '08, 07:52 AM

Originally posted by r035198x

Then to get the text entered you need to use UserName.Text and Password.Text not just UserName or Password.

i tried it.
but the only values it is now validating are the column names. if i enter any other values, even those which are present in my table, the debbuging stops and it gives me the following error:
[Invalid column name 'master'.
Invalid column name 'master'.]

both username=master and password=master should be valid entries according to my table.

**r035198x** · Jul 25 '08, 08:01 AM

Originally posted by BlackEye

i tried it.
but the only values it is now validating are the column names. if i enter any other values, even those which are present in my table, the debbuging stops and it gives me the following error:
[Invalid column name 'master'.
Invalid column name 'master'.]

both username=master and password=master should be valid entries according to my table.

Character datatypes also need to have quotes around them.
e.g

Code:

" where name = '" +name.Text + "'";

validate entries using an sql table

validate entries using an sql table

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment