I’m trying to execute my login form using a SQL Server database.. but I’m getting an error saying
Incorrect syntax near ‘‘
The line where I am getting the error is:
objda.Fill(objds, "adm");
and my code is:
public partial class Form1 : Form
{
int total;
SqlConnection objc;
string c = "data source=.; initial catalog=student; integrated security=SSPI";
SqlDataAdapter objda;
DataSet objds;
SqlCommand objcmd;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
}
private void button1_Click(object sender, EventArgs e)
{
if (objc != null)
{
objc.Open();
}
objcmd = new SqlCommand("select * form adm where Name= ' " + textBox1.Text + "',pass = ' " + textBox2.Text + "'", objc);
if (objc != null)
{
objc.Close();
}
objc = new SqlConnection(c);
objcmd = new SqlCommand("search * from adm", objc);
objda = new SqlDataAdapter(objcmd.CommandText, objc);
objds = new DataSet();
objda.Fill(objds, "adm");
total = Convert.ToInt32(objds.Tables["adm"].Rows.Count);
if (total > 0)
{
MessageBox.Show("welcome");
Class1.login = textBox1.Text;
Form2 f2 = new Form2();
this.Hide();
f2.Show();
}
else
{
}
What should I do?
Where is the problem?
you have forgotten to place “And” between two conditions and miss spelled
formkeyword .by the way you should use
parametersto avoidsql injectionvulnerability