Home/ Questions/Q 6011375
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T02:15:04+00:00

I can not figure out what I have done wrong here. I am trying

  • 0

I can not figure out what I have done wrong here. I am trying to set up a basic login form for my application that authenticates with my SQL database. Here is the code:

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        lblError.Visible = false;
    }

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        using (SqlConnection myConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["DBConnection"].ConnectionString))
        {
            myConnection.Open();

            try
            {
                string userID = txtUser.Text;
                string passID = txtPassword.Text;

                SqlDataReader reader = null;
                SqlCommand cmd = new SqlCommand("SELECT UserName, Password From Users WHERE UserName = @user AND Password = @pass", myConnection);

                SqlParameter userParam = cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50);
                SqlParameter passParam = cmd.Parameters.Add("@pass", SqlDbType.NVarChar, 50);

                userParam.Value = userID;
                passParam.Value = passID;

                reader = cmd.ExecuteReader();

                while (reader.Read())
                {
                    if (reader["UserName"].ToString() == userID && reader["Password"].ToString() == passID)
                    {
                        Response.Redirect("TaskMonitor.aspx");
                    }

                    else
                    {
                        lblError.Visible = true;
                    }
                }
            }

            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }

            myConnection.Close();
        }
    }
}

It does not do anything whether I enter a correct username and password or incorrect.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Because when username or password is invalid, no rows are returned and your code inside while doesn’t get executed.

    You can change it to:

    SqlCommand cmd = new SqlCommand("SELECT COUNT(*) From Users WHERE UserName = @user AND Password = @pass", myConnection);
/* ... init parameters etc ... */
if((int)cmd.ExecuteScalar() == 0)
{
    // Access Denied
}
else
{
    // Access Granted
}
    • 0