2 Replies - 598 Views - Last Post: 22 October 2009 - 12:30 PM Rate Topic: -----

#1 riesbrink  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 8
  • Joined: 28-September 09

Validation Name and Password from a SQL Table

Posted 19 October 2009 - 07:45 AM

Hi I am writing a windows app where the user has to login with a Name and Password that is stored in a SQL Database Hangman in Table Players. I need to validate the entry to see if the player trying to login is in the database.

My code is
		private void btnLogin_Click(object sender, EventArgs e)
		{
			string connectionString = @"data source=PROCESSOR;Initial Catalog=Hangman;Integrated Security=True";
			string commandString = @"select * from Players";
			SqlDataAdapter dataAdapter = new SqlDataAdapter(commandString, connectionString);
			SqlCommandBuilder scb = new SqlCommandBuilder(dataAdapter);

			DataSet myDataSet = new DataSet();
			dataAdapter.Fill(myDataSet, "Players");

			DataTable table = myDataSet.Tables["Players"];



			if (txtName.Text == "")
			{
				MessageBox.Show("Please enter your Name");
				txtName.Focus();   
			}

			else if (txtPassword.Text == "")
			{
				MessageBox.Show("Please enter your Password");
				txtPassword.Focus();
			}
		}



Your help would be appreciated

Is This A Good Question/Topic? 0
  • +

Replies To: Validation Name and Password from a SQL Table

#2 Hybrid SyntaX  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 27
  • Joined: 10-May 08

Re: Validation Name and Password from a SQL Table

Posted 22 October 2009 - 12:07 PM

I suppose you need something like this
 DataRow []  dr= table.Select("[username_field]='" + txtName.Text + "' and [password_field]='" + txtPassword.Text + "'"); 

When you want to retrieve it put it in Try..Catch block , in this case it'll throw an exception if doesn't find any record
 try
{
	   MessageBox.Show(dr[0]["username_field"].ToString());
}
 catch
{
		//handle the exception
}


Was This Post Helpful? 0
  • +
  • -

#4 Momerath  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 1010
  • View blog
  • Posts: 2,444
  • Joined: 04-October 09

Re: Validation Name and Password from a SQL Table

Posted 22 October 2009 - 12:30 PM

It's a very bad idea from a security standpoint to pull all the users names and passwords into your application. Someone running a debugger now has access to everything.

A better method would be to count the number of rows that match the userid/password:

select count(*) from Players where Name = @Name and Password = @Password.


You'll also want to use parameterized strings (like the one above).
Was This Post Helpful? 1
  • +
  • -

Page 1 of 1