smart device Forms-Database
-
Hi, I am developing a C# smart device application. I am at the first step. I created a ConnexionForm where the user enters his login and password, and the system verifies whether they are in the .sdf database. I wrote this code:
    private void button1_Click(object sender, EventArgs e)
    {
        /*string req = "select Login, MotPasse from Connexion";
        DataTable tab = new DataTable();
        SqlCeCommand com = new SqlCeCommand(req, sqlceconn);
        SqlCeDataAdapter ada = new SqlCeDataAdapter(com);
        ada.Fill(tab);*/
        string s1 = textBox1.Text.ToString();
        string s2 = textBox2.Text.ToString();
        BaseGmaoLocaleDataSet2 dat = new BaseGmaoLocaleDataSet2();
        DataRow[] foundRows;
        foundRows = dat.Tables["Connexion"].Select("Login like s1 and MotPasse like s2");
        if (foundRows != null)
        {
            MessageBox.Show("Authentification réussie");
            MenuP m = new MenuP();
            m.Show();
        }
        else
        {
            MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");
        }
    }
    }
    }
But an error appears telling me that there is an error in the form of the 2 strings s1 and s2. Can you help me? Thanks for all your suggestions.
-
I would try putting the s1 and s2 into single quotes and maybe using wild cards (%)
foundRows = dat.Tables["Connexion"].Select("Login like '%" + s1 + "%' and MotPasse like '%" + s2 +"%'");
Luc's answer is better. See that.
modified on Tuesday, April 13, 2010 9:06 AM
-
Hi, several comments:
1. Your database does not know what s1 and s2 mean in Select("Login like s1 and MotPasse like s2"); you want the content of s1 and s2, not the names of the variables, so they must not be inside double quotes. And then you want SQL to see them as string literals, which requires single quotes. So at least you should change it to
    ...Select("Login like '"+s1+"' and MotPasse like '"+s2+"'");
2. It does not make sense to use like like that; there are no wildcards, nor anything special. So better write
    ...Select("Login = '"+s1+"' and MotPasse = '"+s2+"'");
3. You should not pass user input straight to an SQL statement, it makes your app very vulnerable; the user could type things that end up making your SQL statement do things you don't want, such as delete a table. Either check your inputs (you must avoid empty fields too!) or use parameterized SQL (use SQLParameter).
4. You should not store plain passwords in a database; you should use encryption or hashing. Read up on best practices for passwords! :)
Luc Pattyn [Forum Guidelines] [Why QA sucks] [My Articles]
Prolific encyclopedia fixture proof-reader browser patron addict?
We all depend on the beast below.
-
It should work, however I don't think wildcards are a good idea for authentication. Chances are entering
username: a
password: a
will let you in, as it would match Jan/MySecretPassword as well as an infinite number of other possible accounts. :)
Luc Pattyn
-
    string s1 = textBox1.Text.ToString();
    string s2 = textBox2.Text.ToString();
The Text property is already a string, so you don't need the ToString() method here. So:
    string s1 = textBox1.Text;
    string s2 = textBox2.Text;
is sufficient.
    SqlCeConnection cnx = new SqlCeConnection("..."); // Replace ... with the right connection string
    string req = "SELECT * FROM Connexion WHERE Login = @login AND MotPasse = @pass";
    SqlCeCommand cmd = new SqlCeCommand(req, cnx);
    SqlCeParameter login = new SqlCeParameter("login", s1);
    cmd.Parameters.Add(login);
    SqlCeParameter pass = new SqlCeParameter("pass", s2);
    cmd.Parameters.Add(pass);
    ...
Here's the general idea. Hope it'll be useful.
modified on Tuesday, April 13, 2010 10:54 AM
-
Hi, thank you Luc, the error disappears but a new problem appears: although the login and password are not in my .sdf database, the system returns "successful authentication". What should I add to correct this? Thanks a lot for your contribution.
-
O.Phil wrote:
textBox1.Text.ToString()
or textBox1.Text.ToString().ToString() :confused:
Luc Pattyn
-
I was just observing that "Text property is already a string, so you don't need the ToString() method here." ;)
Right. And a good thing about TextBox is its Text property never returns null. :)
Luc Pattyn
-
Hi, I added what you told me about but still have the same problem.
    private void button1_Click(object sender, EventArgs e)
    {
        /*string req = "select Login, MotPasse from Connexion";
        DataTable tab = new DataTable();
        SqlCeCommand com = new SqlCeCommand(req, sqlceconn);
        SqlCeDataAdapter ada = new SqlCeDataAdapter(com);
        ada.Fill(tab);*/
        string s1 = textBox1.Text;
        string s2 = textBox2.Text;
        SqlCeConnection cnx = new SqlCeConnection();
        string wCS = String.Format("DATA SOURCE = '{0}';", Program.gFichierBase);
        cnx.ConnectionString = wCS;
        string req = "SELECT * FROM Connexion WHERE Login = @login AND MotPasse = @pass";
        SqlCeCommand cmd = new SqlCeCommand(req, cnx);
        SqlCeParameter login = new SqlCeParameter("login", s1);
        cmd.Parameters.Add(login);
        SqlCeParameter pass = new SqlCeParameter("pass", s2);
        cmd.Parameters.Add(pass);
        BaseGmaoLocaleDataSet2 dat = new BaseGmaoLocaleDataSet2();
        DataRow[] foundRows;
        foundRows = dat.Tables["Connexion"].Select("Login like '%" + s1 + "%' and MotPasse like '%" + s2 + "%'");
        if (foundRows != null)
        {
            MessageBox.Show("Authentification réussie");
            MenuP m = new MenuP();
            m.Show();
        }
        else
        {
            MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");
        }
    }
It seems so difficult :) Thanks for your contribution.
-
Hi, when you use the SqlCe Connection and Command objects, you don't need to use your dataset anymore. If you have MSDN installed, you can check the use of these objects (particularly the SqlCeCommand object, since this is the one that actually does the request). So:
    {...}
    cmd.Parameters.Add(pass);
    // For ExecuteScalar to return a count, the query text must be
    // "SELECT COUNT(*) FROM Connexion WHERE Login = @login AND MotPasse = @pass"
    cnx.Open();
    int count = Convert.ToInt32(cmd.ExecuteScalar()); // ExecuteScalar returns object
    cnx.Close();
    if (count == 1)
    {
        MessageBox.Show("Authentification réussie");
        MenuP m = new MenuP();
        m.Show();
    }
    else
        MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");
Here's the idea. Courage! ;)
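Added example (not code from any poster in this thread): the parameterized lookup suggested above, combined with the earlier advice to reject empty fields and to store password hashes instead of plain passwords. The class name LoginCheck, the columns Sel and MotPasseHash and the iteration count are assumptions, as are an already open cnx and the availability of Rfc2898DeriveBytes on the target framework.

```csharp
using System;
using System.Data.SqlServerCe;
using System.Security.Cryptography;

static class LoginCheck // hypothetical helper, not from the thread
{
    const int Iterations = 10000; // assumed work factor; tune for the device
    const int HashSize = 20;      // bytes of PBKDF2-HMAC-SHA1 output kept

    // Value to store at enrolment time, next to a random per-user salt (8+ bytes).
    public static byte[] HashPassword(string password, byte[] salt)
    {
        Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, Iterations);
        return kdf.GetBytes(HashSize);
    }

    // cnx must already be open.
    public static bool Verify(SqlCeConnection cnx, string login, string password)
    {
        // Reject empty fields before touching the database.
        if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
            return false;
        // Exact match on Login, with the value bound as a parameter: no quotes,
        // no wildcards, and nothing the user types becomes part of the SQL text.
        // Sel (salt) and MotPasseHash (PBKDF2 output) are hypothetical binary columns.
        const string req = "SELECT Sel, MotPasseHash FROM Connexion WHERE Login = @login";
        using (SqlCeCommand cmd = new SqlCeCommand(req, cnx))
        {
            cmd.Parameters.AddWithValue("@login", login);
            using (SqlCeDataReader rd = cmd.ExecuteReader())
            {
                if (!rd.Read())
                    return false; // unknown login
                byte[] salt = (byte[])rd["Sel"];
                byte[] stored = (byte[])rd["MotPasseHash"];
                return FixedTimeEquals(stored, HashPassword(password, salt));
            }
        }
    }

    // Compare every byte instead of stopping at the first difference.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

DataTable.Select returns an empty array rather than null when no row matches, so a test such as `foundRows != null` succeeds for any input. The version above grants access only when a row was actually read and the derived hash matches the stored one.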