Find user & password in Access DB.

sea

I'm writing a small app, and I have to prepare a form which will authenticate users. This is the code I wrote. The problem is I get exception in the marked line : "no value given for for on or more required parameters" What is wrong with it? Table name is users. Column name is UserName public void userExists(string username) { try {//SQL statements string sqlFinduser = "SELECT COUNT(UserName) AS UserNameExists " + "FROM users " + "WHERE (UserName=" + username + ")"; //Command object OleDbCommand cmdFindsqlFinduser = new OleDbCommand(); cmdFindsqlFinduser.Connection = cnSurvey; cmdFindsqlFinduser.CommandType = CommandType.Text; cmdFindsqlFinduser.CommandText = sqlFinduser; //Connect cnSurvey.Open(); //Execute command int count = int.Parse(cmdFindsqlFinduser.ExecuteScalar().ToString()); //error is right here bool exists = count != 0 ? true : false; //Disconnect cnSurvey.Close(); //Return result // return exists; } catch(Exception ex) { MessageBox.Show(ex.Message); } } TIA, Ronen

Guffa

That means that you have one or more names in your query that the database does not regognise. You have forgotten the apostrophes around the value for username. The database will try to interpret the username as being an identifier, not a string. --- b { font-weight: normal; }

malharone

How about changing (UserName=" + username + ")" to (UserName='" + username + "')" assume: username = "abc" Current code: (UserName = abc) Fixed code: (UserName = 'abc')

Matt Gerrans

:sigh: How about using Parameters instead of duct-taping together your SQL statements? Visual Basic and Visual C# Concepts - Parameters in Data-Adapter Commands[^] Doesn't everyone know about the security holes in the duct-tape approach, yet? By the way, are you storing the password in the db in plain text? Matt Gerrans