3 Replies - 667 Views - Last Post: 07 March 2014 - 05:28 PM Rate Topic: -----

#1 GuruBalash   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 07-March 14

Setup not working in other systems with other SQL DB server

Posted 07 March 2014 - 02:25 AM


i developed one windows application in c#.net , this application is not working when i installed the setup in another system with another sql database server-r2. How can solve this. here i had attached my code for reference.

App.config file
<?xml version="1.0" encoding="utf-8" ?>
    <add key="SqlCon" value="Data Source=.\sqlexpress;Initial Catalog=aathi;Integrated Security=True;Pooling=False"/>

Login form
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
using System.Configuration;

namespace WindowsFormsApplication14
    public partial class login : Form
        public login()
        SqlConnection dbcon = new SqlConnection(ConfigurationSettings.AppSettings["SqlCon"].ToString());
        private void btn_login_Click(object sender, EventArgs e)
            SqlDataAdapter da = new SqlDataAdapter("select count(*) from login_master where username='"+txt_username.Text+"'and pass='"+txt_password.Text+"'", dbcon);
            DataTable dt = new DataTable();
            if (dt.Rows[0][0].ToString() == "1")
                Mainwindow main = new Mainwindow();

This post has been edited by Skydiver: 07 March 2014 - 07:34 AM
Reason for edit:: Put code in code tags. Learn to do this yourself.

Is This A Good Question/Topic? 0
  • +

Replies To: Setup not working in other systems with other SQL DB server

#2 Skydiver   User is offline

  • Code herder
  • member icon

Reputation: 6290
  • View blog
  • Posts: 21,613
  • Joined: 05-May 12

Re: Setup not working in other systems with other SQL DB server

Posted 07 March 2014 - 07:37 AM

What is not working? What error message(s) are you getting?

You mentioned that the target machine has SQL Server, but your connection string is referring to the default instance name for SQL Express. The default instance name for SQL Server is MSSQLSERVER if I recall correctly.
Was This Post Helpful? 0
  • +
  • -

#3 Curtis Rutland   User is offline

  • (╯□)╯︵ (~ .o.)~
  • member icon

Reputation: 5104
  • View blog
  • Posts: 9,283
  • Joined: 08-June 10

Re: Setup not working in other systems with other SQL DB server

Posted 07 March 2014 - 03:26 PM

This part here: Data Source=.\sqlexpress tells the machine where to look. It's looking on the local machine for an instance named "sqlexpress". Did you install a MS SQL Server instance named "sqlexpress"? If you installed Sql Server Express you did, but if you installed a full version of Sql Server (like the Developer edition) the default name is different. So my first bit of advice is to make sure you're connecting to the correct instance.

Second, you really, really shouldn't concatenate user input directly into your Sql commands. It's not only bad practice and difficult to read, it's dangerous.

For example, if I were to enter this into your txt_username textbox: ' or 1 = 1 -- , this is what your command would look like:

"select count(*) from login_master where username='' or 1 = 1 -- 'and pass='PASS'"

1 always equals 1, so the condition is true for every row, and since the input comments out everything that comes after it, it doesn't even bother checking for passwords.

Now imagine I enter this: '; truncate table login_master; -- ...it would erase your table's data.

This is called "SQL Injection". You should search it and read more. Please read this tutorial on how to use SQL Parameters in the mean time. I wrote it:

Now, the number one thing I hear back when I give this advice is "it's OK, this is just a learning project, nobody's going to use it". Well, there's never a better time to learn best practices than when there's no consequences for failure. Better to do it right from the start so that you don't do it wrong when it counts. Also, it's in no way more difficult to do it right. It's actually more readable, if you believe that.
Was This Post Helpful? 2
  • +
  • -

#4 JackOfAllTrades   User is offline

  • Saucy!
  • member icon

Reputation: 6246
  • View blog
  • Posts: 24,014
  • Joined: 23-August 08

Re: Setup not working in other systems with other SQL DB server

Posted 07 March 2014 - 05:28 PM

I wish I could upvote Curtis Rutland's post a billion times.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1