i have a par of code c# to login but doesn't work it gives me the message in Else :
protected void Button1_Click(object sender, EventArgs e)
{
string Connection = @"data source=LOCALHOST;initial catalog=CVtech;Integrated Security=false;User ID=sa;Password=123";
string Requete = "select * from Agent where Login ='" + UserLogin.Text + " and PPR = " + UserPass.Text+"'";
SqlDataAdapter da = new SqlDataAdapter(Requete, Connection);
DataSet Ds = new DataSet();
da.Fill(Ds);
if (Ds.Tables[0].Rows.Count > 0)
{
DataRow[] dr = Ds.Tables[0].Select();
Session["Code"] = dr[0]["PPR"].ToString();
Response.Redirect("cv.aspx");
}
else
{
Response.Write(" message d'erreur login et mot de passe erroné");
}
}
i have a login : "Ach" and PPR = 1
Thank you
You're not closing the string value in the sql request.
string Requete = "select * from Agent where Login ='" + UserLogin.Text + " and PPR = " + UserPass.Text + "'";
should be
string Requete = "select * from Agent where Login ='" + UserLogin.Text + "' and PPR = '" + UserPass.Text + "'";
Also, you should look into sql injection and parametrizing your queries. I don't use DataAdapters much but I believe it will look something like.
SqlConnection connection = new SqlConnection("data source=LOCALHOST;initial catalog=CVtech;Integrated Security=false;User ID=sa;Password=123");
SqlDataAdapter da = new SqlDataAdapter();
SqlCommand command = new SqlCommand("select * from Agent where Login = @login and PPR = @ppr", connection);
command.Parameters.Add("@login", SqlDbType.NVarChar, 50);
command.Parameters["@login"].Value = UserLogin.Text;
command.Parameters.Add("@ppr", SqlDbType.NVarChar, 50);
command.Parameters["@ppr"].Value = UserPass.Text;
da.SelectCommand = command;
DataSet Ds = new DataSet();
da.Fill(Ds);
For more details see
How To: Protect From SQL Injection in ASP.NET
http://msdn.microsoft.com/en-us/library/ff648339.aspx
SqlDataAdapter.SelectCommand Property
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.