Home/ Questions/Q 150215
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T09:15:18+00:00

I have the following code in my btn_click event: Sqlconnection con = new Sqlconnection(server=.;database=bss;user

  • 0

I have the following code in my btn_click event:

Sqlconnection con = new Sqlconnection('server=.;database=bss;user id=ab;pwd=ab'); con.open(); SqlCommand cmd = new Sqlcommand('select * from login where username=''  + txt4name.Text + '' and pwd='' + txt4pwd.Text + ''', con);  SqlDataReader reader = cmd.execute Reader();

Where login is the table and username and pwd are its fields. After this code all the values are stored in the reader object. I want to store username and pwd in the separate variables.

How can I accomplish this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. In general, when accessing your DB, you should be using something similar to this instead to eliminate SQL injection vulnerabilities:

    using (SqlCommand myCommand = new SqlCommand('SELECT * FROM USERS WHERE USERNAME=@username AND PASSWORD=HASHBYTES('SHA1', @password)', myConnection))     {                             myCommand.Parameters.AddWithValue('@username', user);         myCommand.Parameters.AddWithValue('@password', pass);          myConnection.Open();         SqlDataReader myReader = myCommand.ExecuteReader())         ...................     }

    But more realistically to store credentials, you should be using something like the Membership system instead of rolling your own.

    • 0