New Topic/Question
Reply
SqlCommand cmd = new SqlCommand("SELECT * FROM [ATMCards]", cn);
for just the first occurrance in the 'ATMCards' table. But when I use the command:
SqlCommand cmd = new SqlCommand("SELECT * FROM [ATMCards] WHERE cardNumber = @cardNumber and PIN = @PIN", cn);
to make it available to all records it allows every correct combination to login but disables the else part of the if statement and nothing happens at all when the particular card number and PIN do not match. Does anyone have any idea why this would happen just by adding the "WHERE cardNumber = @cardNumber and PIN = @PIN" to the SQL statment?Here is the whole code:
private void btnEnter_Click(object sender, EventArgs e)
{
//Declare variables for use with counting the number of failed login attempts and the value notConfiscated to allow access to account
Boolean notConfiscated = false; ;
//Define the connection to the database on server
string connection = @"Data Source=COMP-WEB2;Initial Catalog=BoG_10025820;Integrated Security=True";
//Create a new connection using the connection linked above
SqlConnection cn = new SqlConnection(connection);
try
{
//Open the connection to the database on the server
cn.Open();
//Select all fields from the table 'ATMCards' using the connection previously created and use the SqlDataReader to read the values
SqlCommand cmd = new SqlCommand("SELECT * FROM [ATMCards] WHERE cardNumber = @cardNumber and PIN = @PIN" , cn);
cmd.Parameters.AddWithValue("@cardNumber", cboxSimCard.Text);
cmd.Parameters.AddWithValue("@PIN", txtboxPIN.Text);
cmd.Connection = cn;
SqlDataReader r = null;
r = cmd.ExecuteReader();
//While the reader is in execution:
while (r.Read())
{
//ADD IF NOT CONFISCATED DO THIS:
if (((Boolean)(r["confiscated"]) == notConfiscated))
{
//Compare the results in the ATMCards table against those on the form used to log in
if (cboxSimCard.Text == (r["cardNumber"].ToString()) && txtboxPIN.Text == (r["PIN"].ToString()))
{
//If the login details are correct then grant access to the menu screen by creating a new instance of it and hide the login form. Clear PIN to avoid the next user accessing the account
txtboxPIN.Clear();
Form myNewForm = new Menu();
myNewForm.Show();
this.Hide();
break;
}
else
{
//Count the number of times PIN match fails
int failCount = 0;
if (failCount > 1)
{
MessageBox.Show("PIN has been entered incorrectly 3 times, card has been confiscated. \n Please contact your local branch.");
failCount++;
sqlCommandConfiscated.Parameters["@cardNumber"].Value = cboxSimCard.Text;
try
{
sqlCommandConfiscated.Connection.Open();
sqlCommandConfiscated.ExecuteNonQuery();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
finally
{
sqlCommandConfiscated.Connection.Close();
}
break;
}
else
{
txtboxPIN.Clear();
//Increment fail count
failCount++;
pinList = "";
//Tell user the details did not match and break from the while loop
MessageBox.Show("Sorry, the PIN number you entered does not match the card chosen.\n Please try again, however if you enter you're PIN wrong more than 3 times you're card will be confiscated.");
break;
}
}
}
else
{
//Inform user their account has been confiscated
MessageBox.Show("Sorry, your account has been confiscated. Please contact your local branch");
break;
}
}
}
catch (Exception)
{
MessageBox.Show("Unable to connect to data source");
}
finally
{
//Close the connection to the database on the server
cn.Close();
}
}
MultiQuote
| 