Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Code Project
CODE PROJECT For Those Who Code
  • Home
  • Articles
  • FAQ
Community
  1. Home
  2. Web Development
  3. ASP.NET
  4. ASP.NET and Database

ASP.NET and Database

Scheduled Pinned Locked Moved ASP.NET
csharpasp-netdatabasehelp
4 Posts 3 Posters 0 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • H Offline
    H Offline
    Harry2004
    wrote on last edited by
    #1

    I have a database made with access. I have a table name login with two fileds name user_id and password. I want to use this to let people login to my sit. What would be the best way to do this. I thought about used olbe command like this but i need some help doing it. I am used C# command1.text (SELECT * FROM login WHERE user_id {1}, password {1}, text_id, text_password); Thanks Harry

    R M 2 Replies Last reply
    0
    • H Harry2004

      I have a database made with access. I have a table name login with two fileds name user_id and password. I want to use this to let people login to my sit. What would be the best way to do this. I thought about used olbe command like this but i need some help doing it. I am used C# command1.text (SELECT * FROM login WHERE user_id {1}, password {1}, text_id, text_password); Thanks Harry

      R Offline
      R Offline
      raj_sarna
      wrote on last edited by
      #2

      here a code example how i do it my apps : Dim cnO As New OleDbConnection("ConnectionString") Dim param As New OleDbParameter("@CategoryID", 5) Dim retval As Integer cnO.Open() Dim cmd As New OleDbCommand("Select CategoryID from Categories Where CategoryID=@CategoryID", cnO) cmd.Parameters.Add(param) retval = cmd.ExecuteScalar cnO.Close() i'm using Northwind db for example sake, substitute that with ur table. parshu

      1 Reply Last reply
      0
      • H Harry2004

        I have a database made with access. I have a table name login with two fileds name user_id and password. I want to use this to let people login to my sit. What would be the best way to do this. I thought about used olbe command like this but i need some help doing it. I am used C# command1.text (SELECT * FROM login WHERE user_id {1}, password {1}, text_id, text_password); Thanks Harry

        M Offline
        M Offline
        Mariusz Wojcik
        wrote on last edited by
        #3

        First at all - do not concatenate SQL command !!! especially for logging purpose. Let say, the user enter the following user_id or password: mav' OR 1=1 -- As you can easily check, as the result DBase'll return every record in the table and user (depends on the next code) could be logged in! Insted of the string concate, use command parameters - but remember: allways check user-entered data. Here is the example:

        01 string conStr = "DataBase_connection_string";
        02 string sql = @"SELECT * FROM login WHERE user_id = @userID AND password = @pass";
        03
        04 OleDbConnection con = new OleDbConnection(conStr);
        05 OleDbCommand cmd = new OleDbCommand(sql, con);
        06 cmd.Parameters.Add("@userID", OleDbType.VarChar, 255).Value = text_id;
        07 cmd.Parameters.Add("@pass", OleDbType.VarChar, 255).Value = text_password;
        08 con.Open();
        09 try
        10 {
        11 OleDbDataReader dr = cmd.ExecuteReader();
        12 if (dr.Read())
        13 {
        14 // here read account's data
        15 string login = dr["user_id"].ToString();
        16 }
        17 // throw exception if no record found
        18 else throw new Exception("Login error");
        19
        20 } finally { con.Close(); }

        In the first line set your DBase connection string. In the 6th and 7th line the SQL's parameters are set. Change the 2nd (the field type) and 3rd (the field length) parameters to appropriate. You can also easily change the method used in DBase connection. If you would like to use MS SQL Server, just change objects to:

        • OleDbConnection -> SqlConnection
        • OleDbCommand -> SqlCommand
        • OleDbDataReader -> SqlDataReader

        and at the top insert: using System.Data.SqlClient;. -- Mariusz 'mAv' Wójcik master e-software engineer (BPC)

        H 1 Reply Last reply
        0
        • M Mariusz Wojcik

          First at all - do not concatenate SQL command !!! especially for logging purpose. Let say, the user enter the following user_id or password: mav' OR 1=1 -- As you can easily check, as the result DBase'll return every record in the table and user (depends on the next code) could be logged in! Insted of the string concate, use command parameters - but remember: allways check user-entered data. Here is the example:

          01 string conStr = "DataBase_connection_string";
          02 string sql = @"SELECT * FROM login WHERE user_id = @userID AND password = @pass";
          03
          04 OleDbConnection con = new OleDbConnection(conStr);
          05 OleDbCommand cmd = new OleDbCommand(sql, con);
          06 cmd.Parameters.Add("@userID", OleDbType.VarChar, 255).Value = text_id;
          07 cmd.Parameters.Add("@pass", OleDbType.VarChar, 255).Value = text_password;
          08 con.Open();
          09 try
          10 {
          11 OleDbDataReader dr = cmd.ExecuteReader();
          12 if (dr.Read())
          13 {
          14 // here read account's data
          15 string login = dr["user_id"].ToString();
          16 }
          17 // throw exception if no record found
          18 else throw new Exception("Login error");
          19
          20 } finally { con.Close(); }

          In the first line set your DBase connection string. In the 6th and 7th line the SQL's parameters are set. Change the 2nd (the field type) and 3rd (the field length) parameters to appropriate. You can also easily change the method used in DBase connection. If you would like to use MS SQL Server, just change objects to:

          • OleDbConnection -> SqlConnection
          • OleDbCommand -> SqlCommand
          • OleDbDataReader -> SqlDataReader

          and at the top insert: using System.Data.SqlClient;. -- Mariusz 'mAv' Wójcik master e-software engineer (BPC)

          H Offline
          H Offline
          Harry2004
          wrote on last edited by
          #4

          Thank for your help. Am just start to Programming. I just have a A.S in Electronics.

          1 Reply Last reply
          0
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes

          • Login
          • Don't have an account? Register
          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • World
          • Users
          • Groups