
How can I check wrong username and password in C# from SQL?

I am trying to detect a wrong username or password, and I want a message box that says "wrong username, password".

When I enter correct username and password, it's okay, I can login. When I enter wrong username and password the first time, I get a message box but even if I enter the correct username and password the 2nd time, I get the error again.

I think return is not working.

baglanti means connection

My code is here:

// Click handler for the login button: validates that both text boxes are filled,
// looks the entered username and password up in the "user" table through the
// shared connection `baglanti`, and switches the form to its logged-in state on success.
private void loginBtn_Click(object sender, EventArgs e)
    {
        if (txtboxID.Text == "")
        {
            MessageBox.Show("Please enter your username..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            return;
        }
        if (txtboxPW.Text == "")
        {
            MessageBox.Show("Please enter your password..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            return;
        }
        // NOTE(review): both statements are built by concatenating text-box content into
        // the SQL text, so the input is parsed as SQL (SQL injection). Bind the values as
        // command parameters instead.
        // NOTE(review): the two lookups are independent of each other. The second one
        // succeeds if ANY row has the entered password, not only the row of the entered
        // username.
        string getid = "SELECT username FROM user WHERE username='" + txtboxID.Text + "'";
        string getpw = "SELECT password FROM user WHERE password='" + txtboxPW.Text + "'";
        SQLiteCommand gettingid = new SQLiteCommand(getid, baglanti);
        SQLiteCommand gettingpw = new SQLiteCommand(getpw, baglanti);
        baglanti.Open();
        
        object idfind = gettingid.ExecuteScalar();
        if (idfind == null)
        {
            MessageBox.Show("wrong username", "Error");
            // NOTE(review): this return skips baglanti.Close() further down, so the
            // connection is still open when the button is clicked again and Open() is
            // called a second time - presumably the cause of the failure on the next attempt.
            return;
        }

        object pwfind = gettingpw.ExecuteScalar();
        if (pwfind == null)
        {
            MessageBox.Show("wrong password", "Error");
            // NOTE(review): same as above - the connection is left open on this path.
            return;
        }
        baglanti.Close();
        string id = idfind.ToString();
        string pass = pwfind.ToString();

        // NOTE(review): `||` accepts the login when either value matches; a credential
        // check needs the username and password to match in the same row.
        if (txtboxID.Text == id || txtboxPW.Text == pass)
        {
            // Logged-in state: reveal the two feature buttons, hide the login controls,
            // show the success label and clear both input boxes.
            guverteBtn.Visible = true;
            makineBtn.Visible = true;
            loginBtn.Visible = false;
            logincontrolTxt.Text = "Login Succesfully !";
            logincontrolTxt.ForeColor = Color.White;
            logincontrolTxt.Location = new Point(200, 393);
            regBTN.Visible = false;
            resetBTN.Visible = false;
            txtboxID.Text = "";
            txtboxPW.Text = "";
        }
        
        else
        {
            // Failure state: red status label, both input boxes cleared.
            logincontrolTxt.Text = "Invalid ID or Password !";
            logincontrolTxt.Location = new Point(180, 393);
            logincontrolTxt.ForeColor = Color.Red;
            txtboxID.Text = "";
            txtboxPW.Text = "";
        }
        
    }

I just made some minor modifications to your code, but as others mentioned, you need to change your SQL query to a parameterized one to prevent SQL injection.

Also, always try to connect to and query the database as little as possible; if you can get your data in a single query, do so to improve your application's performance.

I did not test the code below, but it should resolve your problem.

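/// <summary>
/// Handles the login button click: checks that both fields are filled, verifies the
/// entered username/password pair against the "user" table in a single parameterized
/// query, and switches the form to its logged-in state when a matching row exists.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void loginBtn_Click(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(txtboxID.Text))
    {
        MessageBox.Show("Please enter your username..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }
    if (string.IsNullOrEmpty(txtboxPW.Text))
    {
        MessageBox.Show("Please enter your password..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    // The user-supplied values are bound as parameters and never concatenated into the
    // SQL text, so they are always treated as data, not as SQL.
    // NOTE(review): the password column is compared directly with the typed text, which
    // implies passwords are stored unhashed. Prefer storing a salted password hash
    // (e.g. PBKDF2) and verifying it in code - that needs a schema change outside this method.
    const string query = "SELECT username FROM user WHERE username = @username AND password = @password";

    try
    {
        using (SQLiteCommand command = new SQLiteCommand(query, baglanti))
        {
            command.Parameters.AddWithValue("@username", txtboxID.Text);
            command.Parameters.AddWithValue("@password", txtboxPW.Text);

            baglanti.Open();

            // ExecuteScalar returns null when no row matches; Convert.ToString maps both
            // null and DBNull to an empty string, so one check covers every failure case.
            string matchedUser = Convert.ToString(command.ExecuteScalar());

            if (string.IsNullOrEmpty(matchedUser))
            {
                // One generic message for a wrong username and a wrong password, so the
                // dialog does not reveal which usernames exist.
                txtboxPW.Text = "";
                MessageBox.Show("Invalid user credentials!", "Error");
                return; // the finally block below still closes the connection
            }

            guverteBtn.Visible = true;
            makineBtn.Visible = true;
            loginBtn.Visible = false;
            logincontrolTxt.Text = "Login Succesful!";
            logincontrolTxt.ForeColor = Color.White;
            logincontrolTxt.Location = new Point(200, 393);
            regBTN.Visible = false;
            resetBTN.Visible = false;
            txtboxID.Text = "";
            txtboxPW.Text = "";
        }
    }
    catch (Exception ex)
    {
        // Keep the details for diagnosis instead of discarding them; the user only
        // sees a generic message.
        System.Diagnostics.Debug.WriteLine(ex);
        MessageBox.Show("Unhandled exception!", "Error");
    }
    finally
    {
        // Runs on every path (success, failed login, exception) so the shared
        // connection is never left open for the next click.
        baglanti.Close();
    }
}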
