Home/ Questions/Q 7603651
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T23:42:40+00:00

I want to make a simple login page, without register just a username and

  • 0

I want to make a simple login page, without register just a username and a password I used in the SQL database. this is what I wrote now for button1:

string connection_string = "Path to database";
SqlConnection connect = new SqlConnection();
connect.ConnectionString = connection_string;
connect.Open();
string sql = "Select * FROM Register where username=@username and password=@password";
SqlCommand 1 = new SqlCommand("username",textbox1User.text);
SqlCommand 2 = new SqlCommand("password",textbox2pass.text);

That’s what I have now. I need to do the rest of login page and if values are ok then I will be redirected on a page. but I also need to know how can I protect the page for not being allowed to access it by other users just by typing the url to file. So it should work only If I login.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First, I must congratulate you on wanting to use parameters for your SQL. A lot of beginners do not do this, leading to horrible SQL Injection attacks.

    Second, you really should be hashing your passwords. Never ever store plain text passwords. Since how exactly to hash passwords is a matter of much debate and would complicate the code, I’ll set this aside for now.

    Now, moving on to the actual question. First, there’s a few mistakes in the code. First is the parameters are being created wrong, what you have should be more along the lines of this:

    using(SqlConnection conn = new SqlConnection("connection string"))
{
    SqlCommand cmd = new SqlCommand("Select * FROM Register where username=@username and password=@password", conn);
    cmd.Parameters.AddWithValue("@username", textbox1User.Text);
    cmd.Parameters.AddWithValue("@password", textbox2User.Text);
}

    (see http://msdn.microsoft.com/en-us/library/yh598w02.aspx for more about using. It’s a good habit to get into)

    With that done, to easily validate the login, you can do something like this for your SqlCommand:

    SELECT COUNT(*) FROM Register WHERE username=@username AND password=@password

    And then add this to your code, after adding the parameters, but before the closing brace on the using:

    conn.Open();    
int result = Convert.ToInt32(cmd.ExecuteScalar());

    result will be 0 if no user was found, or 1 if exactly one user was found (If you can have multiple users with the same user name, there are other issues outside of this scope).

    Now, as for enforcing access control take a look at http://support.microsoft.com/kb/301240 The terms you are interested in for this is “Forms Authentication” and “web.config authorization”. Please note that the code samples in the link provided are a bit outdated, but, in general, show how to accomplish what you are asking.

    That should get you started down the right track.

    • 0