C# to Mysql Login code Error

N Mohamed rafi

Sir, I have studied and tried to put login page but it shows code error please tell me the correction sir It shows error: System.InvalidOperationException: 'The connection is already and also code error private void button14_Click(object sender, EventArgs e) { if (textBox9.Text != "" && textBox10.Text != "") { string connectionString; MySqlConnection cnn; connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql"; cnn = new MySqlConnection(connectionString); cnn.Open(); string id = textBox9.Text; string password = textBox10.Text; textBox9.Text = ""; textBox10.Text = ""; string query = "select * from login where userid=@userid,password=@password,confirmpassword=@confirmpassword where loginid=@loginid is same"; //string query = "update employee set employee_name=@employee_name,employee_salary=@employee_salary where employee_id=@employee_id"; using (MySqlCommand cmd = new MySqlCommand(query)) { cmd.Parameters.AddWithValue("@userid", id); //cmd.Parameters.AddWithValue("@employee_id", Convert.ToInt32(id)); cmd.Parameters.AddWithValue("@password", password); //cmd.Parameters.AddWithValue("@confirmpassword", confirmpassword); cmd.Connection = cnn; cnn.Open(); cmd.ExecuteNonQuery(); DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation", MessageBoxButtons.YesNo); if (dr == DialogResult.Yes) { MessageBox.Show("Login Successfully"); cnn.Close(); this.Hide(); Form2 f2 = new Form2(); f2.ShowDialog(); } else if (dr == DialogResult.No) { MessageBox.Show("Please Enter Correct Login details"); } } } else { MessageBox.Show("Please Enter details to Login"); } } }

Richard Deeming

You are storing your user's passwords in plain text - twice. Don't do that! Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^] The "confirm password" value should only be used to verify that the user has entered the same password twice. You should not store it, since it will be identical to the password. The password itself should never be stored. Instead, store a salted hashed value, using multiple rounds of a cryptographically-secure one-way hash algorithm, and a unique salt for each record. Anything less will lead to massive fines for not storing your users' data properly.

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

Richard Deeming

As to your error, which you have truncated:

Quote:

cnn = new MySqlConnection(connectionString);
cnn.Open();
...
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();

You are opening the connection twice. When you try to open a connection which has already been opened, you will get an exception telling you that the connection has already been opened.

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

N Mohamed rafi

I got error in this line sir cmd.ExecuteNonQuery();

Richard Deeming

No, you get an error on the second call to Open. The debugger is just showing you the wrong line.

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

N Mohamed rafi

Sir, I have removed First given open connection now the error is coming like MySql.Data.MySqlClient.MySqlException: 'Fatal error encountered during command execution.' MySqlException: Parameter '@loginid' must be defined.

Lost User

And you are still not checking the result of ExecuteNonQuery, but putting the success message based on the user pressing the "Yes" button.

N Mohamed rafi

How to check it. Please give step procedure sir or video link

Richard Deeming

Look at your query:

Quote:

select * from login where userid=@userid, password=@password, confirmpassword=@confirmpassword where loginid=@loginid is same

You have two where clauses, which is not valid. And as far as I can see, that is same on the end is also not valid. And putting a comma between conditions is also not valid - you need to use AND instead. Aside from that, you have four parameters: @userid, @password, @confirmpassword, and @loginid. Now look at the parameters you are passing to the command:

Quote:

cmd.Parameters.AddWithValue("@userid", id);
//cmd.Parameters.AddWithValue("@employee_id", Convert.ToInt32(id));
cmd.Parameters.AddWithValue("@password", password);
//cmd.Parameters.AddWithValue("@confirmpassword", confirmpassword);

You are passing TWO parameters: @userid and @password. Either fix you query to use the parameters you are passing, or fix your code to pass the parameters required by the query.

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

Lost User

I have already explained more than once. When you call cmd.ExecuteNonQuery(); you must check the return value, to see whether the SQL command succeeded. Only when you have a success return can you post a message that tells the user that his action has worked. You must do this on all database access commands, never assume that your code has worked - most of the time it has not.

N Mohamed rafi

Sir, Now i have passed three parameters but it shows login successfull with wrong userid password also sir if (textBox9.Text != "" && textBox10.Text != "") { string connectionString; MySqlConnection cnn; connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql"; cnn = new MySqlConnection(connectionString); string id = textBox9.Text; string password = textBox10.Text; string loginid = ""; textBox9.Text = ""; textBox10.Text = ""; string query = "select * from login where userid=@userid and password=@password and loginid=@loginid"; using (MySqlCommand cmd = new MySqlCommand(query)) { cmd.Parameters.AddWithValue("@userid", id); cmd.Parameters.AddWithValue("@password", password); cmd.Parameters.AddWithValue("@loginid", loginid); cmd.Connection = cnn; cnn.Open(); cmd.ExecuteNonQuery(); DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation", MessageBoxButtons.YesNo); if (dr == DialogResult.Yes) { MessageBox.Show("Login Successfully"); cnn.Close(); this.Hide(); Form2 f2 = new Form2(); f2.ShowDialog(); } else if (dr == DialogResult.No) { MessageBox.Show("Please Enter Correct Login details"); } } } else { MessageBox.Show("Please Enter details to Login"); } }

Richard Deeming

Because as the other Richard said below, you are not checking the result of your query! :doh: And as I said above, you are storing passwords insecurely. If you're intending to use this code in a real application, then I hope you've got deep pockets, because you're going to get hit with a multi-million dollar fine PDQ.

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

N Mohamed rafi

No sir mysql command was not succeeded, when i am giving wrong userid passwor dit shows login successfull i think sql query to be change

N Mohamed rafi

Sir, how to save password securely? pls suggest in my code and mysql query also wrong bcz it login with wrong userid and password also

N Mohamed rafi

Sir, I have passed 3parameters but still it login in with wrong user id password also, how to write correct mysql query here?

string connectionString;
MySqlConnection cnn;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
//cnn.Open();
string id = textBox9.Text;
string password = textBox10.Text;
string loginid = "";
textBox9.Text = "";
textBox10.Text = "";
string query = "select * from login where userid=@userid and password=@password and loginid=@loginid";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
//cmd.Parameters.AddWithValue("@employee_id", Convert.ToInt32(id));
cmd.Parameters.AddWithValue("@password", password);
cmd.Parameters.AddWithValue("@loginid", loginid);
//cmd.Parameters.AddWithValue("@confirmpassword", confirmpassword);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else if (dr == DialogResult.No)
{
MessageBox.Show("Please Enter Correct Login details");
}
}
}
else
{
MessageBox.Show("Please Enter details to Login");
}
}

Lost User

Yes, it shows login successful because, as I keep repeating, you post that message even when the ExecuteNonQuery fails. You need to start thinking about your code in logical steps rather than just throwing statements together and hoping it will work. 1. Perform the ExecuteNonQuery, and capture the return value. 2. Does the return value indicate success? 2.1. No - tell the user it failed. 2.2 Yes - and only at this point, tell the user it succeeded. 3. Perform other actions.

Richard Deeming

You really can't be bothered to pay attention, can you? :doh: Programming is not about throwing some random code together from a couple of internet searches, and then pestering other people to fix it for you. If you can't think for yourself, then you have chosen the wrong career.

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

Richard Deeming

One again, since you can't be bothered to pay attention: Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^]

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

N Mohamed rafi

Sir, I pay attention sir, you said i am passing 2parameters now i am passing 3parameters and login means it shows login successful with wrong userid password also i think my sql query should be change here

N Mohamed rafi

I clearly telling again mysql query is error here, ExecuteNonQuery is returned value it means i logged in with wrong userid and password also.