A login problem
-
Hi Can anybody help me please. when i try to login in my asp.net 4 page with the following source code an error returns:
DataTable dt = new DataTable(); DataSet ds = new DataSet(); SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["SN11ConnectionString"].ConnectionString); SqlCommand sqlCmd = new SqlCommand("SELECT UserId FROM [Users] WHERE ([Email]=@Email AND [Password]=@Password", sqlConn); //Create the parameters SqlParameter paramEmail; paramEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 25); paramEmail.Value = TextBoxLoginEmail.Text; sqlCmd.Parameters.Add(paramEmail); //Hash the password MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider(); byte[] hashedBytes; UTF8Encoding encoder = new UTF8Encoding(); hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(TextBoxLoginPassword.Text)); SqlParameter paramPwd; paramPwd = new SqlParameter("@Password", SqlDbType.Binary, 16); paramPwd.Value = hashedBytes; sqlCmd.Parameters.Add(paramPwd); sqlConn.Open(); SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); sda.Fill(ds); dt = ds.Tables[0];Here is the error message that appears when i press the login button: Incorrect syntax near '@Password'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '@Password'. Source Error: Line 57: sqlConn.Open(); Line 58: SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); Line 59: sda.Fill(ds); Line 60: dt = ds.Tables[0]; Line 61: } Thank you. -
Hi Can anybody help me please. when i try to login in my asp.net 4 page with the following source code an error returns:
DataTable dt = new DataTable(); DataSet ds = new DataSet(); SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["SN11ConnectionString"].ConnectionString); SqlCommand sqlCmd = new SqlCommand("SELECT UserId FROM [Users] WHERE ([Email]=@Email AND [Password]=@Password", sqlConn); //Create the parameters SqlParameter paramEmail; paramEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 25); paramEmail.Value = TextBoxLoginEmail.Text; sqlCmd.Parameters.Add(paramEmail); //Hash the password MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider(); byte[] hashedBytes; UTF8Encoding encoder = new UTF8Encoding(); hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(TextBoxLoginPassword.Text)); SqlParameter paramPwd; paramPwd = new SqlParameter("@Password", SqlDbType.Binary, 16); paramPwd.Value = hashedBytes; sqlCmd.Parameters.Add(paramPwd); sqlConn.Open(); SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); sda.Fill(ds); dt = ds.Tables[0];Here is the error message that appears when i press the login button: Incorrect syntax near '@Password'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '@Password'. Source Error: Line 57: sqlConn.Open(); Line 58: SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); Line 59: sda.Fill(ds); Line 60: dt = ds.Tables[0]; Line 61: } Thank you.Farhad Eft wrote:
paramPwd = new SqlParameter("@Password", SqlDbType.Binary, 16);
SqlDbType.Binaryfor Password? Please check the data type.Venkatesh Mookkan (My Recent Article: WPF Custom Control - FilterControl for ListBox/ListView)
-
Hi Can anybody help me please. when i try to login in my asp.net 4 page with the following source code an error returns:
DataTable dt = new DataTable(); DataSet ds = new DataSet(); SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["SN11ConnectionString"].ConnectionString); SqlCommand sqlCmd = new SqlCommand("SELECT UserId FROM [Users] WHERE ([Email]=@Email AND [Password]=@Password", sqlConn); //Create the parameters SqlParameter paramEmail; paramEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 25); paramEmail.Value = TextBoxLoginEmail.Text; sqlCmd.Parameters.Add(paramEmail); //Hash the password MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider(); byte[] hashedBytes; UTF8Encoding encoder = new UTF8Encoding(); hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(TextBoxLoginPassword.Text)); SqlParameter paramPwd; paramPwd = new SqlParameter("@Password", SqlDbType.Binary, 16); paramPwd.Value = hashedBytes; sqlCmd.Parameters.Add(paramPwd); sqlConn.Open(); SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); sda.Fill(ds); dt = ds.Tables[0];Here is the error message that appears when i press the login button: Incorrect syntax near '@Password'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '@Password'. Source Error: Line 57: sqlConn.Open(); Line 58: SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); Line 59: sda.Fill(ds); Line 60: dt = ds.Tables[0]; Line 61: } Thank you. -
new SqlCommand("SELECT UserId FROM [Users] WHERE ([Email]=@Email AND [Password]=@Password", sqlConn);
u miss ")". check it.
C# コードMicrosoft End User 2000-2008 「「「「「「「「「「「「「「「「「「「「「「「「「「「「 The best things in life are free 」」」」」」」」」」」」」」」」」」」」」」」」」」」」
where did i miss it? i can't see it!
-
Farhad Eft wrote:
paramPwd = new SqlParameter("@Password", SqlDbType.Binary, 16);
SqlDbType.Binaryfor Password? Please check the data type.Venkatesh Mookkan (My Recent Article: WPF Custom Control - FilterControl for ListBox/ListView)
yeah it's binary because I'd like to store and retrieve the encrypted edition.
-
new SqlCommand("SELECT UserId FROM [Users] WHERE ([Email]=@Email AND [Password]=@Password", sqlConn);
u miss ")". check it.
C# コードMicrosoft End User 2000-2008 「「「「「「「「「「「「「「「「「「「「「「「「「「「「 The best things in life are free 」」」」」」」」」」」」」」」」」」」」」」」」」」」」
OOPS! yeah you are right I'm such an idiot! lol Thank you so much!
-
Hi Can anybody help me please. when i try to login in my asp.net 4 page with the following source code an error returns:
DataTable dt = new DataTable(); DataSet ds = new DataSet(); SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["SN11ConnectionString"].ConnectionString); SqlCommand sqlCmd = new SqlCommand("SELECT UserId FROM [Users] WHERE ([Email]=@Email AND [Password]=@Password", sqlConn); //Create the parameters SqlParameter paramEmail; paramEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 25); paramEmail.Value = TextBoxLoginEmail.Text; sqlCmd.Parameters.Add(paramEmail); //Hash the password MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider(); byte[] hashedBytes; UTF8Encoding encoder = new UTF8Encoding(); hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(TextBoxLoginPassword.Text)); SqlParameter paramPwd; paramPwd = new SqlParameter("@Password", SqlDbType.Binary, 16); paramPwd.Value = hashedBytes; sqlCmd.Parameters.Add(paramPwd); sqlConn.Open(); SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); sda.Fill(ds); dt = ds.Tables[0];Here is the error message that appears when i press the login button: Incorrect syntax near '@Password'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '@Password'. Source Error: Line 57: sqlConn.Open(); Line 58: SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); Line 59: sda.Fill(ds); Line 60: dt = ds.Tables[0]; Line 61: } Thank you.I would think a hashed password, even of a password only a few characters long, might be considerably longer than 16 bytes? Not sure, but could that be the problem? Edit: Sorry I think I have put you wrong. I was thinking the hex version of hashes possibly.
modified on Saturday, April 2, 2011 5:13 PM
-
OOPS! yeah you are right I'm such an idiot! lol Thank you so much!
-
Hi Can anybody help me please. when i try to login in my asp.net 4 page with the following source code an error returns:
DataTable dt = new DataTable(); DataSet ds = new DataSet(); SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["SN11ConnectionString"].ConnectionString); SqlCommand sqlCmd = new SqlCommand("SELECT UserId FROM [Users] WHERE ([Email]=@Email AND [Password]=@Password", sqlConn); //Create the parameters SqlParameter paramEmail; paramEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 25); paramEmail.Value = TextBoxLoginEmail.Text; sqlCmd.Parameters.Add(paramEmail); //Hash the password MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider(); byte[] hashedBytes; UTF8Encoding encoder = new UTF8Encoding(); hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(TextBoxLoginPassword.Text)); SqlParameter paramPwd; paramPwd = new SqlParameter("@Password", SqlDbType.Binary, 16); paramPwd.Value = hashedBytes; sqlCmd.Parameters.Add(paramPwd); sqlConn.Open(); SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); sda.Fill(ds); dt = ds.Tables[0];Here is the error message that appears when i press the login button: Incorrect syntax near '@Password'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '@Password'. Source Error: Line 57: sqlConn.Open(); Line 58: SqlDataAdapter sda = new SqlDataAdapter(sqlCmd); Line 59: sda.Fill(ds); Line 60: dt = ds.Tables[0]; Line 61: } Thank you.