I tried to make a login page. But, it always show this message:
Username or Password is not correct
While I am pretty sure that my username and password are correct.
private void button1_Click(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(txtbox_user.Text) || string.IsNullOrEmpty(txtbox_password.Text))
//txt_name.Text == String.IsNullOrEmpty || txt_family.Text == String.IsNullOrEmpty || txt_username.Text == String.IsNullOrEmpty || txt_password.Text == String.IsNullOrEmpty || txt_repeat.Text == String.IsNullOrEmpty || txt_mail.Text == String.IsNullOrEmpty)
{
MessageBox.Show("Plesae insert your username and password");
}
else
{
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = " select * from Login where UserName =' " + txtbox_user.Text + " ' and PassWord = ' " + txtbox_password.Text + " ' ";
OleDbDataReader reader = command.ExecuteReader();
int count = 0;
while (reader.Read())
{
count = count + 1;
}
if (count == 1)
{
MessageBox.Show("Welcome!");
LearnerForm F2 = new LearnerForm();
F2.Show();
}
if (count > 1)
{
MessageBox.Show("Duplicate username or Password");
}
else
{
MessageBox.Show("Username or Password is not correct");
}
connection.Close();
}
}
You have one extra space after quote '
. Remove it:
where UserName =' " + txtbox_user.Text + " ' and PassWord = ' " + txtbox_password.Text + " '
should be:
where UserName ='" + txtbox_user.Text + "' and PassWord = '" + txtbox_password.Text + "'
Also I strongly recommend that you always use parameterized queries to avoid SQL Injection .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.