Create a login application with local database in visual studio

Question

Please I am really having trouble creating a simple login application in C#. I just want to create a login form and whenever I enter the username and password it checks from the database if it exists or not, and since I don't have much knowledge about this, I can't manage to do it!

I created a windows form in VS express, and set the design with textboxes for username and password and a login button. Then I added a new element to my project and chose local database ( dataset). In the left, I have two areas: one named data connection with "database1.sdf" in it, and "datasource" with "database1" in it.I have no idea what those two mean, I just created a new user table in the "database1.sdf" and added id,username and password columns. But after that, having only those two elements, I have no clue how to perform what I want to do. What code should I write to connect to the database in order to check the values, and where do I write this code?

I tried many codes online, but it doesn't work :/

I am sorry if my questions seem stupid, but I really need your help ! Thanks !

Answer 1

this is the snippets for visual studio c# coding that i am doing for a system project in our major subject as a programmer

private void btnLogin_Click(object sender, EventArgs e)
        {// you can have the database location at your own database
            SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=H:\school\copro3\EnrollmentSystemProgram\EnrollmentSystemProgram\Login.mdf;Integrated Security=True;");

//you can use your database table and its contents for the DataAdapter

            SqlDataAdapter sda = new SqlDataAdapter("SELECT COUNT (*) FROM tblLogin WHERE Username= '" + txtUser.Text + "' AND Password= '" + txtPass.Text + "'", con);
            DataTable dt = new DataTable();
            sda.Fill(dt);
            if (dt.Rows[0][0].ToString() == "1")
            {
                this.Hide();
                new frmDashboard().Show();

            }
            else
            {
                lblNotify.Show();
                lblNotify.Text = "Login Unsuccessful";
                txtUser.Text = "";
                txtPass.Text = "";
            }
        }

        private void frmLogin_Load(object sender, EventArgs e)
        {
            lblNotify.Hide();
        }

Answer 2

Do not do this

SELECT COUNT (*) FROM tblLogin WHERE Username= '" + txtUser.Text + "' AND Password= '" + txtPass.Text + "'"

This opens for exploits

Store the Username in a varible like Username = @Username and then use

sqlCommand.Parameters.AddWithValue("@Username", txtUser.Text);

Answer 3

This is the code that I inserted for our program thesis for the login button

string select = @"Select * From tblUsers Where Username = @Username and Password = @Password and PositionInTheCompany = @Privilege";
        using (con)
        {
            con.Open();
            using (cmd = new SqlCommand(select, con))
            {
                cmd.Parameters.AddWithValue("@Username", txtLoginUsername.Text);
                cmd.Parameters.AddWithValue("@Password", txtLoginPassword.Text);
                cmd.Parameters.AddWithValue("@Privilege", cmbLoginUsertype.Text);
                using (read = cmd.ExecuteReader())
                {
                    if (read.HasRows)
                    {
                        // you can also use the else if statements here for the user privileges
                        read.Read();
                        this.Hide()
                        dashboard.Show();

                        txtLoginPassword.Text = "";
                        txtLoginUsername.Text = "";
                        cmbLoginUsertype.Text = "";
                    }
                    else
                    {
                        lblLoginMessage.Show();
                        lblLoginMessage.Text = "Access Denied!";
                        txtLoginPassword.Text = "";
                        txtLoginUsername.Text = "";
                        cmbLoginUsertype.Text = "";
                    }
                }
            }
        }

For the SqlConnection, i used a class called ConnectionString

 public partial class frmLogin : Form
{
    ConnectionString cs = new ConnectionString();
    frmDashboard dashboard = new frmDashboard();
    public SqlConnection con = new SqlConnection();
    public SqlCommand cmd = new SqlCommand();
    public SqlDataReader read;

    public frmLogin()
    {
        InitializeComponent();
    }

    private void frmLogin_Load(object sender, EventArgs e)
    {
        lblLoginMessage.Hide();
        con = new SqlConnection(cs.conStr);
    }

I don't know if using class for the connection causes errors, but i used it because I don't want to make my code have lots of snippets. For the ConnectionString class

class ConnectionString
{
    public string conStr = // the connection source of the database
}

I use one database for multiple tables