I am trying to create a login form, but I am having problems with the database. I have created a Windows Form which consists of a user name, a password, and a login button. But I think the statement:
DataAdapterObject.Fill(DataTableObject)
has some error. I am using Visual Studio Professional 2013 Update 4 and SQL Server 2014 Enterprise Edition.
The code is as follows:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace Society_Accounting_Software
{
    public partial class LoginScreen : Form
    {
        // Field-level connection; note that the methods below create their own local connections instead
        SqlConnection databaseConnect = new SqlConnection();

        public LoginScreen()
        {
            SqlConnection databaseConnect = new SqlConnection();
            databaseConnect.ConnectionString = "Data Source=GAURAV-PC;Initial Catalog=SocietyAccountingDatabase;Integrated Security=True";
            InitializeComponent();
        }

        private void label1_Click(object sender, EventArgs e)
        {
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            // Opens a connection on form load
            SqlConnection databaseConnect = new SqlConnection("Data Source=GAURAV-PC;Initial Catalog=SocietyAccountingDatabase;Integrated Security=True");
            databaseConnect.Open();
        }

        private void textBox1_TextChanged(object sender, EventArgs e)
        {
        }

        private void label2_Click(object sender, EventArgs e)
        {
        }

        private void textBox1_TextChanged_1(object sender, EventArgs e)
        {
        }

        private void button1_Click(object sender, EventArgs e)
        {
            string queryString = "select UserId,UserPassword from UserAccounts where UserId='gaurav' AND UserPassword='test123'";
            SqlConnection databaseConnect = new SqlConnection();
            databaseConnect.ConnectionString = "Data Source=GAURAV-PC;Initial Catalog=SocietyAccountingDatabase;Integrated Security=True";
            databaseConnect.Open();

            string userName = UserNameTextBox.Text;
            string Password = PasswordTextBox.Text;

            // Query built by concatenating the text box values into the SQL string
            SqlCommand SqlCommandObject = new SqlCommand("select UserId,UserPassword from UserAccounts where UserId='" + userName + "' AND UserPassword='" + Password + "'");
            SqlDataAdapter DataAdapterObject = new SqlDataAdapter(SqlCommandObject);
            DataTable DataTableObject = new DataTable();
            DataAdapterObject.Fill(DataTableObject);

            if (DataTableObject.Rows.Count > 0)
            {
                MessageBox.Show("Login Successful");
                AdminConsoleForm AdminConsole = new AdminConsoleForm();
                this.Hide();
                AdminConsole.Show();
            }
            else
            {
                MessageBox.Show("Invalid Login Name And Password Please Try Again!");
            }

            databaseConnect.Close();
            //AdminConsoleForm AdminConsole= new AdminConsoleForm();
            //this.Hide();
            //AdminConsole.Show();
        }
    }
}
Can anyone help?
Simple code for a login form:
I have kept the code really simple. You can do salting if you want security.
First, as your form loads, you've already instantiated a connection string and immediately opened it. Second, as the user clicks the button to log in, you've instantiated the same connection string and opened it again, which makes the operation redundant. Because the connection state of that database is already Open, which you're trying to open again during the button click, the operation is impossible or cannot be processed.
Wherever possible you should be `using` database connections like so. At the moment you are randomly creating connections in various methods on top of having a connection field, which is pretty confusing.
You should not be concatenating SQL and should use parameterised queries.
Passwords should never be stored as plaintext, and you should not be able to query the password 'directly'. A simple method of securing passwords is to hash the password with a random salt, storing the salt along with the hash in the database.
You don't really need a `DataTable`; you should only have a single row returned, and a `DataReader` is enough in this scenario. I would recommend reading through the article Salted Password Hashing - Doing it Right on CodeProject.
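The points in this answer (a `using` block, a parameterised query, a salted hash compared against the stored value, and a reader instead of a `DataTable`) put together in one login check, as an added example that is not code from the question or from any answer. It assumes the `UserAccounts` table has `PasswordSalt` and `PasswordHash` varbinary columns (assumed names) filled at account creation with `NewSalt()` and `Hash()`, and it uses PBKDF2 via `Rfc2898DeriveBytes`, which ships with the .NET Framework.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
public static class LoginCheck
{
    const int Iterations = 10000; // PBKDF2 iteration count
    const int HashSize = 32;      // bytes of derived key
    // Verifies a submitted password against the stored salt and hash.
    // Assumed schema: UserAccounts(UserId nvarchar, PasswordSalt varbinary, PasswordHash varbinary).
    public static bool VerifyLogin(string connectionString, string userName, string password)
    {
        byte[] salt = null, storedHash = null;
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(
            "SELECT PasswordSalt, PasswordHash FROM UserAccounts WHERE UserId = @UserId", connection))
        {
            // Parameter, not concatenation: the user name travels as data, never as SQL text.
            command.Parameters.Add("@UserId", SqlDbType.NVarChar, 50).Value = userName;
            connection.Open();
            using (SqlDataReader reader = command.ExecuteReader())
            {
                if (!reader.Read()) return false; // unknown user; one row is all we ever need
                salt = (byte[])reader["PasswordSalt"];
                storedHash = (byte[])reader["PasswordHash"];
            }
        } // connection closed and disposed here, even if an exception was thrown
        return FixedTimeEquals(Hash(password, salt), storedHash);
    }
    // Account creation: store NewSalt() and Hash(password, salt); the plaintext is never stored.
    public static byte[] NewSalt()
    {
        var salt = new byte[16];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
        return salt;
    }
    public static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(HashSize);
    }
    // Compares every byte so timing does not reveal how many leading bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In the button handler this replaces the adapter and `DataTable` with a single call, `LoginCheck.VerifyLogin(connectionString, UserNameTextBox.Text, PasswordTextBox.Text)`, and the same failure message is shown for an unknown user and a wrong password.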