Home/ Questions/Q 8179087
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T23:55:31+00:00

I have created the following WebMethod in the back end of my application where

  • 0

I have created the following WebMethod in the back end of my application where the users login through the front end. 

[WebMethod]
    public String Login(String userName, String password)
    {

            OleDbConnection connect = new OleDbConnection(connection);
            connect.Open();
            OleDbCommand command = new OleDbCommand("Select * from login where userName='" + userName + "'  and password ='" + password + "'", connect);
            command.CommandType = CommandType.Text;
            OleDbDataAdapter adapter = new OleDbDataAdapter();
            adapter.SelectCommand = command;
            DataSet NSNSet = new DataSet();
            adapter.Fill(NSNSet);

            string username = NSNSet.Tables[0].Rows[0]["firstName"].ToString() + NSNSet.Tables[0].Rows[0]["lastName"].ToString();

            int userID = System.Convert.ToInt16(NSNSet.Tables[0].Rows[0]["UID"].ToString());

            return username + "," + userID;


    }

Currently, I have error handling in place which states –

catch(Exception ex)
            {
                string error = System.Convert.ToString(ex);
                if (error.Contains("There is no row at position 0"))
                {
                    status.Text = "Incorrect Username/Password combination";
                }
            }

This works fine, however how could I aulter my code so that it brings back a more specific error, i.e. states if the userName or password specifically are incorrect?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should do like this:

    public String Login(String userName, String password)
    {
        OleDbConnection connect = new OleDbConnection(connection);
        connect.Open();

        OleDbCommand command = new OleDbCommand("Select UID, firstName, lastName from login where userName=?  and password =?", connect);
        command.CommandType = CommandType.Text;

        //to avoid sql injection
        command.Parameters.Add(userName);
        command.Parameters.Add(password);

        OleDbDataAdapter adapter = new OleDbDataAdapter();
        adapter.SelectCommand = command;
        DataSet NSNSet = new DataSet();
        adapter.Fill(NSNSet);

        if (NSNSet.Tables[0].Rows.Count == 0)
            return "Access denied";

        string username = NSNSet.Tables[0].Rows[0]["firstName"].ToString() + NSNSet.Tables[0].Rows[0]["lastName"].ToString();
        int userID = int.Parse(NSNSet.Tables[0].Rows[0]["UID"].ToString());
        return username + "," + userID;
    }

    Or a better way, using DataReader for performance:

    public String Login(String userName, String password)
    {

        OleDbConnection connect = new OleDbConnection(connection);
        connect.Open();

        OleDbCommand command = new OleDbCommand("Select UID, firstName, lastName from login where userName=?  and password =?", connect);
        command.CommandType = CommandType.Text;

        //to avoid sql injection
        command.Parameters.Add(userName);
        command.Parameters.Add(password);

        OleDbDataReader reader=command.ExecuteReader();
        if (reader.Read())
        {
            //that means there's at least one row
            string username = reader["firstName"] + " " + reader["lastName"];
            int userID = int.Parse(reader["UID"].ToString());
            return username + "," + userID;
        }
        else
        {
            //no combination username-password found
            return "Access denied";
        }
    }
    • 0