I have datatable like this.
uid m_code pass roleID
1 F2 F2 2
2 S2 S2 0
And i want to let user log-in depending on their roles.
I tried using this code, but it isn’t working at all. Any help much appreciated.
string user = textBox1.Text;
string pass = textBox2.Text;
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["conString"].ConnectionString);
SqlCommand cmd = new SqlCommand("select * from login where m_code='" + user + "' and pass='" + pass + "'", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
if(dt.Columns[3].ToString() == "0")
{
this.Hide();
StudentUI s = new StudentUI();
s.Show();
}
if (dt.Columns[3].ToString() == "1")
{
this.Hide();
TeacherUI t = new TeacherUI();
t.Show();
}
if (dt.Columns[3].ToString() == "2")
{
FacultyUI f = new FacultyUI();
f.Show();
}
else
{
MessageBox.Show("Login Failed");
}
I agree with Blachshma, you should use parameters to mitigate the risk of Sql Injections. In the meantime, let’s fix up your logic: