From: resonance on 8 Jun 2010 04:43

Hello,
I want to create a simple login form that includes two textboxes and a button, and compare the values in the textboxes with the values that are in an Access database. But I get this message: "No value given for one or more required parameters."
Can anyone help me?
Thank you...

The code is below:

sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
tbUserName.Text.ToString() + "AND [user].[password]=" +
tbUserName.Text.ToString()+ ");";

conn = new OleDbConnection(AccessDataSource1.ConnectionString);
conn.Open();
komut = new OleDbCommand(sql, conn);
Label2.Text=sql;
veri = komut.ExecuteReader();
if (veri.Read())
{
    lblMessage.Text = "ok";
}
else
{
    lblMessage.Text = " Invalid username or password!";
}
conn.Close();

From: Manish Agarwal on 8 Jun 2010 08:14

Your query seems wrong to me

sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
tbUserName.Text.ToString() + "AND [user].[password]=" +
tbUserName.Text.ToString()+ ");";

In this you are using tbUserName for password too.

Regards,
Manish Agarwal

On Jun 8, 1:43 pm, resonance <resona...(a)discussions.microsoft.com> wrote:
> Hello,
> I want to create a simple login form that includes two textboxes and a
> button, and compare the values in the textboxes with the values that are
> in an Access database. But I get this message: "No value given for one or
> more required parameters."
> Can anyone help me?
> Thank you...
>
> The code is below:
> sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
> tbUserName.Text.ToString() + "AND [user].[password]=" +
> tbUserName.Text.ToString()+ ");";
>
> conn = new OleDbConnection(AccessDataSource1.ConnectionString);
> conn.Open();
> komut = new OleDbCommand(sql, conn);
> Label2.Text=sql;
> veri = komut.ExecuteReader();
> if (veri.Read())
> {
> lblMessage.Text = "ok";
> }
> else
> {
> lblMessage.Text = " Invalid username or password!";
> }
> conn.Close();

From: resonance on 8 Jun 2010 09:30

When I tried only the username in the SQL, I got the same message, too. I cannot use the value in the textbox in my SQL statement.

"Manish Agarwal" wrote:
> Your query seems wrong to me
>
> sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
> tbUserName.Text.ToString() + "AND [user].[password]=" +
> tbUserName.Text.ToString()+ ");";
>
> In this you are using tbUserName for password too.
>
> Regards,
> Manish Agarwal
>
> On Jun 8, 1:43 pm, resonance <resona...(a)discussions.microsoft.com>
> wrote:
> > Hello,
> > I want to create a simple login form that includes two textboxes and a
> > button, and compare the values in the textboxes with the values that are
> > in an Access database. But I get this message: "No value given for one or
> > more required parameters."
> > Can anyone help me?
> > Thank you...
> >
> > The code is below:
> > sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
> > tbUserName.Text.ToString() + "AND [user].[password]=" +
> > tbUserName.Text.ToString()+ ");";
> >
> > conn = new OleDbConnection(AccessDataSource1.ConnectionString);
> > conn.Open();
> > komut = new OleDbCommand(sql, conn);
> > Label2.Text=sql;
> > veri = komut.ExecuteReader();
> > if (veri.Read())
> > {
> > lblMessage.Text = "ok";
> > }
> > else
> > {
> > lblMessage.Text = " Invalid username or password!";
> > }
> > conn.Close();

From: resonance on 8 Jun 2010 09:56

I have solved my problem by editing the SQL statement and the if statement. Thank you Manish Agarwal...

sql = "SELECT password FROM [user] WHERE [username]='" + tbUserName.Text.ToString() + "';";
conn = new OleDbConnection(AccessDataSource1.ConnectionString);
conn.Open();
komut = new OleDbCommand(sql, conn);
veri = komut.ExecuteReader();
if (veri.Read())
{
    if (veri[0].ToString()==tbPassword.Text)
    {
        lblMessage.Text = "ok";
    }
    else
    {
        lblMessage.Text = " Invalid username or password!";
    }
}
conn.Close();

"resonance" wrote:
> Hello,
> I want to create a simple login form that includes two textboxes and a
> button, and compare the values in the textboxes with the values that are
> in an Access database. But I get this message: "No value given for one or
> more required parameters."
> Can anyone help me?
> Thank you...
>
> The code is below:
> sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
> tbUserName.Text.ToString() + "AND [user].[password]=" +
> tbUserName.Text.ToString()+ ");";
>
> conn = new OleDbConnection(AccessDataSource1.ConnectionString);
> conn.Open();
> komut = new OleDbCommand(sql, conn);
> Label2.Text=sql;
> veri = komut.ExecuteReader();
> if (veri.Read())
> {
> lblMessage.Text = "ok";
> }
> else
> {
> lblMessage.Text = " Invalid username or password!";
> }
> conn.Close();

From: J.B. Moreno on 8 Jun 2010 16:34

In article <ED4E5F7B-5751-40C7-AC8C-1C3A02786677(a)microsoft.com>, resonance <resonance(a)discussions.microsoft.com> wrote:

> sql = "SELECT * FROM [user] WHERE ([user].[username]=" +
> tbUserName.Text.ToString() + "AND [user].[password]=" +
> tbUserName.Text.ToString()+ ");";

I see three problems with this code.

1) You aren't using parameters, leaving you open to SQL injection.

2) You appear to be using and storing the password; you should never do that. Instead store and compare a hash of the password.

3) You are using tbUserName.Text for the password.

(A fourth problem is relatively minor: the .Text value is already a string, so using ToString on it is redundant.)

-- 
J.B. Moreno