From: Arne Vajhøj on
On 08-06-2010 09:56, resonance wrote:
> I have solved my problem by editing sql statement and if statement.

> sql = "SELECT password FROM [user] WHERE [username]='" +
>     tbUserName.Text.ToString() + "';";
> conn = new OleDbConnection(AccessDataSource1.ConnectionString);
> conn.Open();
> komut = new OleDbCommand(sql, conn);
>
> veri = komut.ExecuteReader();
> if (veri.Read())
> {
>
>     if (veri[0].ToString()==tbPassword.Text)
>     {
>         lblMessage.Text = "ok";
>     }
>     else
>     {
>         lblMessage.Text = " Invalid username or password!";
>     }
> }
>
> conn.Close();

This is not good code.

1) you should pick table and field names that allow you to omit
the [] because they are not portable among all OLE DB databases
2) you do not get the connection closed in case of an exception
3) you are easy prey for SQL injection (look it up if you don't
know what it is)
4) The .ToString()'s are unnecessary
5) The trailing semicolon is unnecessary
6) Given that you only want one row and one field, then you
could simplify quite a bit using ExecuteScalar instead
of ExecuteReader

Arne
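
An added example, not part of Arne's post or the quoted code: one way to apply points 1 to 6 of the reply above to the quoted login check. The table and column names (`app_users`, `login_name`, `pass_value`), the class and method names, and the parameter size of 255 are assumptions made for illustration; the comparison against the stored value is kept as in the quoted code.

```csharp
using System;
using System.Data.OleDb;

public static class LoginCheck
{
    // Hypothetical table/column names chosen so that no [] quoting is
    // needed (point 1). No trailing semicolon (point 5).
    private const string Sql =
        "SELECT pass_value FROM app_users WHERE login_name = ?";

    public static bool IsValidLogin(string connectionString,
                                    string userName, string password)
    {
        // The using blocks dispose (and therefore close) the connection and
        // command even when Open() or ExecuteScalar() throws (point 2).
        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(Sql, conn))
        {
            // The user name is bound as a parameter value instead of being
            // concatenated into the SQL text, so quotes in the input cannot
            // change the statement (point 3). OLE DB binds parameters by
            // position to each '?', so the name given here is only a label.
            cmd.Parameters.Add("@login_name", OleDbType.VarWChar, 255).Value = userName;

            conn.Open();

            // One row, one field: ExecuteScalar replaces the reader (point 6).
            // It returns null when no row matches, DBNull for a NULL column.
            object stored = cmd.ExecuteScalar();
            if (stored == null || stored == DBNull.Value)
            {
                return false;
            }

            // TextBox.Text is already a string, so no ToString() (point 4).
            return string.Equals((string)stored, password, StringComparison.Ordinal);
        }
    }
}

// Usage from the page's code-behind, with the control names of the quoted code:
//   lblMessage.Text = LoginCheck.IsValidLogin(
//       AccessDataSource1.ConnectionString, tbUserName.Text, tbPassword.Text)
//       ? "ok" : "Invalid username or password!";
```

Unlike the quoted code, which sets no message when the user name is not found, this version reports an unknown user and a wrong password with the same message.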