C# to Mysql Login code Error
-
Because as the other Richard said below, you are not checking the result of your query! :doh: And as I said above, you are storing passwords insecurely. If you're intending to use this code in a real application, then I hope you've got deep pockets, because you're going to get hit with a multi-million dollar fine PDQ.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Look at your query:
Quote:
select * from login where userid=@userid, password=@password, confirmpassword=@confirmpassword where loginid=@loginid is same
You have two
whereclauses, which is not valid. And as far as I can see, thatis sameon the end is also not valid. And putting a comma between conditions is also not valid - you need to useANDinstead. Aside from that, you have four parameters:@userid,@password,@confirmpassword, and@loginid. Now look at the parameters you are passing to the command:Quote:
cmd.Parameters.AddWithValue("@userid", id);
//cmd.Parameters.AddWithValue("@employee_id", Convert.ToInt32(id));
cmd.Parameters.AddWithValue("@password", password);
//cmd.Parameters.AddWithValue("@confirmpassword", confirmpassword);You are passing TWO parameters:
@useridand@password. Either fix you query to use the parameters you are passing, or fix your code to pass the parameters required by the query.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
Sir, I have passed 3parameters but still it login in with wrong user id password also, how to write correct mysql query here?
string connectionString;
MySqlConnection cnn;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
//cnn.Open();
string id = textBox9.Text;
string password = textBox10.Text;
string loginid = "";
textBox9.Text = "";
textBox10.Text = "";
string query = "select * from login where userid=@userid and password=@password and loginid=@loginid";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
//cmd.Parameters.AddWithValue("@employee_id", Convert.ToInt32(id));
cmd.Parameters.AddWithValue("@password", password);
cmd.Parameters.AddWithValue("@loginid", loginid);
//cmd.Parameters.AddWithValue("@confirmpassword", confirmpassword);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else if (dr == DialogResult.No)
{
MessageBox.Show("Please Enter Correct Login details");
}
}
}
else
{
MessageBox.Show("Please Enter details to Login");
}
} -
No sir mysql command was not succeeded, when i am giving wrong userid passwor dit shows login successfull i think sql query to be change
Yes, it shows login successful because, as I keep repeating, you post that message even when the
ExecuteNonQueryfails. You need to start thinking about your code in logical steps rather than just throwing statements together and hoping it will work. 1. Perform theExecuteNonQuery, and capture the return value. 2. Does the return value indicate success? 2.1. No - tell the user it failed. 2.2 Yes - and only at this point, tell the user it succeeded. 3. Perform other actions. -
Sir, I have passed 3parameters but still it login in with wrong user id password also, how to write correct mysql query here?
string connectionString;
MySqlConnection cnn;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
//cnn.Open();
string id = textBox9.Text;
string password = textBox10.Text;
string loginid = "";
textBox9.Text = "";
textBox10.Text = "";
string query = "select * from login where userid=@userid and password=@password and loginid=@loginid";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
//cmd.Parameters.AddWithValue("@employee_id", Convert.ToInt32(id));
cmd.Parameters.AddWithValue("@password", password);
cmd.Parameters.AddWithValue("@loginid", loginid);
//cmd.Parameters.AddWithValue("@confirmpassword", confirmpassword);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else if (dr == DialogResult.No)
{
MessageBox.Show("Please Enter Correct Login details");
}
}
}
else
{
MessageBox.Show("Please Enter details to Login");
}
}You really can't be bothered to pay attention, can you? :doh: Programming is not about throwing some random code together from a couple of internet searches, and then pestering other people to fix it for you. If you can't think for yourself, then you have chosen the wrong career.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Sir, how to save password securely? pls suggest in my code and mysql query also wrong bcz it login with wrong userid and password also
One again, since you can't be bothered to pay attention: Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
You really can't be bothered to pay attention, can you? :doh: Programming is not about throwing some random code together from a couple of internet searches, and then pestering other people to fix it for you. If you can't think for yourself, then you have chosen the wrong career.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Yes, it shows login successful because, as I keep repeating, you post that message even when the
ExecuteNonQueryfails. You need to start thinking about your code in logical steps rather than just throwing statements together and hoping it will work. 1. Perform theExecuteNonQuery, and capture the return value. 2. Does the return value indicate success? 2.1. No - tell the user it failed. 2.2 Yes - and only at this point, tell the user it succeeded. 3. Perform other actions.I clearly telling again mysql query is error here, ExecuteNonQuery is returned value it means i logged in with wrong userid and password also.
-
I clearly telling again mysql query is error here, ExecuteNonQuery is returned value it means i logged in with wrong userid and password also.
No, that is not what it means, please read the documentation: SqlCommand.ExecuteNonQuery Method (System.Data.SqlClient) | Microsoft Docs[^]. When you use a SELECT to find a particular user id and the return value says that there is an existing row it means that the details are correct. However since most of your code is in the wrong order it is unlikely that any of your results are correct.
-
Sir, I pay attention sir, you said i am passing 2parameters now i am passing 3parameters and login means it shows login successful with wrong userid password also i think my sql query should be change here
You are clearly not paying attention, neither here nor in your class. You have repeatedly been told that you need to check the results of your query. You have been told how to do that. And yet you continue to ask how to do what you have already been told how to do, and insist that you need to change your query rather than your code.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Sir, I have passed 3parameters but still it login in with wrong user id password also, how to write correct mysql query here?
string connectionString;
MySqlConnection cnn;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
//cnn.Open();
string id = textBox9.Text;
string password = textBox10.Text;
string loginid = "";
textBox9.Text = "";
textBox10.Text = "";
string query = "select * from login where userid=@userid and password=@password and loginid=@loginid";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
//cmd.Parameters.AddWithValue("@employee_id", Convert.ToInt32(id));
cmd.Parameters.AddWithValue("@password", password);
cmd.Parameters.AddWithValue("@loginid", loginid);
//cmd.Parameters.AddWithValue("@confirmpassword", confirmpassword);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else if (dr == DialogResult.No)
{
MessageBox.Show("Please Enter Correct Login details");
}
}
}
else
{
MessageBox.Show("Please Enter details to Login");
}
}How many times do I need to say it: Do not post a success message when you have not checked the result of your Database query. This is the way you should do it:
cnn.Open();
int result = cmd.ExecuteNonQuery(); // always capture the result
cnn.Close();
if (result == 1)
{
MessageBox.Show("Login was successful");
}
else
{
MessageBox.Show("The entered details were not correct");
}Also, why do you need two ids (
useridandloginid)? You should only need a single id and a password. -
How many times do I need to say it: Do not post a success message when you have not checked the result of your Database query. This is the way you should do it:
cnn.Open();
int result = cmd.ExecuteNonQuery(); // always capture the result
cnn.Close();
if (result == 1)
{
MessageBox.Show("Login was successful");
}
else
{
MessageBox.Show("The entered details were not correct");
}Also, why do you need two ids (
useridandloginid)? You should only need a single id and a password.How to change code in my coding like this sir? because my code is logging in if i enter wrong username and password also
-
How many times do I need to say it: Do not post a success message when you have not checked the result of your Database query. This is the way you should do it:
cnn.Open();
int result = cmd.ExecuteNonQuery(); // always capture the result
cnn.Close();
if (result == 1)
{
MessageBox.Show("Login was successful");
}
else
{
MessageBox.Show("The entered details were not correct");
}Also, why do you need two ids (
useridandloginid)? You should only need a single id and a password.Put the same code in my code that why i can understand easily sir
-
How many times do I need to say it: Do not post a success message when you have not checked the result of your Database query. This is the way you should do it:
cnn.Open();
int result = cmd.ExecuteNonQuery(); // always capture the result
cnn.Close();
if (result == 1)
{
MessageBox.Show("Login was successful");
}
else
{
MessageBox.Show("The entered details were not correct");
}Also, why do you need two ids (
useridandloginid)? You should only need a single id and a password.I have changed my code sir, but still logging in for wrong userid and password
if (textBox9.Text != "" && textBox10.Text != "")
{
string connectionString;
MySqlConnection cnn;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
string id = textBox9.Text;
string password = textBox10.Text;
textBox9.Text = "";
textBox10.Text = "";
string query = "select * from login where userid=@userid and password=@password";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
cmd.Parameters.AddWithValue("@password", password);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation Message", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else if (dr == DialogResult.No)
{
MessageBox.Show("Please Enter Correct Login details");
}
}
}
else
{
MessageBox.Show("Please Enter With Correct Login Details");
} -
I have changed my code sir, but still logging in for wrong userid and password
if (textBox9.Text != "" && textBox10.Text != "")
{
string connectionString;
MySqlConnection cnn;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
string id = textBox9.Text;
string password = textBox10.Text;
textBox9.Text = "";
textBox10.Text = "";
string query = "select * from login where userid=@userid and password=@password";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
cmd.Parameters.AddWithValue("@password", password);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation Message", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else if (dr == DialogResult.No)
{
MessageBox.Show("Please Enter Correct Login details");
}
}
}
else
{
MessageBox.Show("Please Enter With Correct Login Details");
}There really is no point in continuing this thread. It does not matter how many times we tell you how to correct your code you insist on ignoring our advice. My previous reply showed you exactly how to do it correctly, and yet you just repeat the same bad code. I suggest you consider a different career path.
-
There really is no point in continuing this thread. It does not matter how many times we tell you how to correct your code you insist on ignoring our advice. My previous reply showed you exactly how to do it correctly, and yet you just repeat the same bad code. I suggest you consider a different career path.
Why you are not correcting my code and sending me? i said the error you know the code and sending some examples also then you can send correct code it is useful to me please
-
Why you are not correcting my code and sending me? i said the error you know the code and sending some examples also then you can send correct code it is useful to me please
-
There really is no point in continuing this thread. It does not matter how many times we tell you how to correct your code you insist on ignoring our advice. My previous reply showed you exactly how to do it correctly, and yet you just repeat the same bad code. I suggest you consider a different career path.
Sir, How to write mysql query if stored userid password is correct means then it enter successfull suppose not stored values entered means the messagebox is wrong.....
-
Sir, How to write mysql query if stored userid password is correct means then it enter successfull suppose not stored values entered means the messagebox is wrong.....
-
No, that is not what it means, please read the documentation: SqlCommand.ExecuteNonQuery Method (System.Data.SqlClient) | Microsoft Docs[^]. When you use a SELECT to find a particular user id and the return value says that there is an existing row it means that the details are correct. However since most of your code is in the wrong order it is unlikely that any of your results are correct.
Sir, You all are blaming me always, you know the code but you are not providing me. Thank you all.
-
Why do you ignore everything we tell you? Go back to the code sample I gave you, it shows exactly how to do it correctly. This is my last message on this subject.
Pls correct and send me in my code sir that why i can understand sir send me please
