I have the table user_info created, with 2 usernames and passwords in it.
When I execute the code below, it always goes into the “else” condition even if I type the correct username and password.
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    string v = System.Configuration.ConfigurationManager.ConnectionStrings["harish"].ConnectionString;
    con = new OracleConnection(v);
    con.Open();
    cmd = new OracleCommand("select * from user_info where username='" + Login1.UserName.Trim() + "' and password='" + Login1.Password + "'", con);
    dr = cmd.ExecuteReader();
    dr.Read();
    if (dr.HasRows)
    {
        Response.Redirect("Default2.aspx");
    }
    else
    {
        Response.Redirect("Default.aspx");
    }
    con.Close();
    dr.Close();
}
First things first, you should at a minimum be hashing the password. Also it’s best practice to not leave your connections at a class level. They should be created, opened, and closed when you use them. Same with commands, readers, etc… This can be done very easily with a using block.
Next, ensure you are accessing the actual string values and not controls when using Login1.UserName and Login1.Password. If you’re using controls, you need to use Login1.UserName.Text.Trim() and Login1.Password.Text.Trim(). You can ensure this by storing the query you build into a local string value and seeing what’s actually built.
Do not use the DataReader for what you are doing. Instead use the ExecuteScalar method:
Once you have this set up, put a breakpoint on the if (count > 0) line. Check your query that’s stored in the local var and check the count. This should give you all you need.
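
A sketch of the login check that combines the answer's advice (using blocks, ExecuteScalar, hashed passwords) and goes one step further by passing the username as a bind variable instead of concatenating it into the SQL, which is what keeps typed input from changing the query. This is an added example, not code from the original thread. It assumes the ODP.NET managed driver, .NET Framework 4.7.2 or later, and a hypothetical password_hash column holding Base64 of a 16-byte salt followed by a 32-byte PBKDF2-SHA256 hash.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using Oracle.ManagedDataAccess.Client; // assumption: ODP.NET managed driver

public static class LoginCheck
{
    // Assumed storage format: Base64(salt[16] || pbkdf2_sha256[32]).
    const int SaltLen = 16, HashLen = 32, Iterations = 100000;

    // Returns true when the user exists and the password matches the stored hash.
    public static bool IsValidUser(string userName, string password)
    {
        string connStr = ConfigurationManager.ConnectionStrings["harish"].ConnectionString;
        object stored;

        // Connection and command are created, used and disposed locally.
        using (var con = new OracleConnection(connStr))
        using (var cmd = new OracleCommand(
            "select password_hash from user_info where username = :uname", con))
        {
            cmd.BindByName = true;
            // The username travels as data; quotes in it cannot alter the SQL.
            cmd.Parameters.Add("uname", OracleDbType.Varchar2).Value = userName.Trim();
            con.Open();
            stored = cmd.ExecuteScalar(); // null when no row matches
        }
        if (stored == null || stored == DBNull.Value) return false;

        byte[] blob;
        try { blob = Convert.FromBase64String((string)stored); }
        catch (FormatException) { return false; } // malformed stored value
        if (blob.Length != SaltLen + HashLen) return false;

        byte[] salt = new byte[SaltLen];
        Buffer.BlockCopy(blob, 0, salt, 0, SaltLen);

        // Re-derive the hash from the typed password and the stored salt.
        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            actual = kdf.GetBytes(HashLen);

        // Compare every byte so timing does not depend on where a mismatch occurs.
        int diff = 0;
        for (int i = 0; i < HashLen; i++) diff |= actual[i] ^ blob[SaltLen + i];
        return diff == 0;
    }
}
```

In Login1_Authenticate, set e.Authenticated = LoginCheck.IsValidUser(Login1.UserName, Login1.Password) and let the Login control handle the redirect.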