Resolved Attempting to fill text boxes in user control once the user has logged in

sock1992

Well-known member
Joined
May 20, 2020
Messages
107
Programming Experience
Beginner
When the user logs in they will be taken to a dashboard where they can select different options. one of them being "Account details". within this user control I've set up text boxes which will be filled with the users details once they double click on the row within the DataGridView .

1615935786433.png



I have a function which fills DataGridView and this has worked successfully throughout my application until now.


C#:
        public void FillingAccountDetails()
        {
            User_Control.Uc_updateAccountDetails ac = new User_Control.Uc_updateAccountDetails();
                                  
            string query = "SELECT firstName, lastName, address, contactNumber, emailAddress, password FROM Customer WHERE emailAddress =' " + signInEmail.Text.Trim() + " ' AND password = ' " + SqlDataFunctions.hashPassword(signInPassword.Text.Trim()) + " '  ";
            _IsqlDataFunctions.displayDataInGrid(query, ac.dataGridViewAccountDetails);


C#:
        public void displayDataInGrid(string query, DataGridView datagrid)
        {
            try
            {
                DataTable dt = new DataTable();
                connection.Open();
                SqlDataAdapter adapter = new SqlDataAdapter(query, connection);
                adapter.Fill(dt);
                datagrid.DataSource = dt;
                connection.Close();
            }
            catch (Exception message)
            {
                MessageBox.Show(message.Message);
            }
        }


Does anyone know why this isn't working?
 

Attachments

  • 1615935770689.png
    1615935770689.png
    15.2 KB · Views: 16
Last edited by a moderator:
Please describe "isn't working". You know this. You've been on this forum long enough. What behavior are you seeing? What behavior were you expecting to see?

As an aside, you should also know better than to compose a SQL query using concatenation. You are inviting a SQL injection attack. Obligatory image below:
exploits_of_a_mom.png
 
I'm expecting the grid view to be filled with the Customers details that is currently logged in. I've put a breakpoint on the displayInGridView function and the email and password are being identified fine.
I've called the method when the user logs in, however when i'm taken to the dashboard and click on Account details, which takes me to another user control the gridview that i attempted to fill data inside of is empty.

Could this be due to settings on the grid view?
1615937741101.png


Yeah i know, I plan on altering them at some point, but just want to get this out the way first :)
 

Attachments

  • 1615937726308.png
    1615937726308.png
    20.2 KB · Views: 15
Last edited:
Set a breakpoint in your debugger at this line:
C#:
SqlDataAdapter adapter = new SqlDataAdapter(query, connection);

From the Autos or Locals tab of the debugger, copy the value query exactly. Paste the value into MSSQL studio or whatever tool your database has that lets you type in and execute a query. Run that query in the tool and see what results you get.

I suspect that you are not getting any matches because of the extra spaces after and before the single quotes on this line of code:
C#:
string query = "SELECT firstName, lastName, address, contactNumber, emailAddress, password FROM Customer WHERE emailAddress =' " + signInEmail.Text.Trim() + " ' AND password = ' " + SqlDataFunctions.hashPassword(signInPassword.Text.Trim()) + " '  ";

Notice: emailAddress =' " , " ' AND password = ' " , and " ' " . See the extra spaces?

If you were using parameterized queries those extra spaces would be a non-issue.
 
Set a breakpoint in your debugger at this line:
C#:
SqlDataAdapter adapter = new SqlDataAdapter(query, connection);

From the Autos or Locals tab of the debugger, copy the value query exactly. Paste the value into MSSQL studio or whatever tool your database has that lets you type in and execute a query. Run that query in the tool and see what results you get.

I suspect that you are not getting any matches because of the extra spaces after and before the single quotes on this line of code:
C#:
string query = "SELECT firstName, lastName, address, contactNumber, emailAddress, password FROM Customer WHERE emailAddress =' " + signInEmail.Text.Trim() + " ' AND password = ' " + SqlDataFunctions.hashPassword(signInPassword.Text.Trim()) + " '  ";

Notice: emailAddress =' " , " ' AND password = ' " , and " ' " . See the extra spaces?

If you were using parameterized queries those extra spaces would be a non-issue.
okay this is weird. I copied the query and ran it. Got no results. Changed the email and password to another user i have stored in my database and it works .

I then signed in with that user, however the grid view still doesn't fill.
 
Changed the email and password to another user i have stored in my database and it works .
Did you (accidentally) remove the extra spaces when you were in the process of doing this?
 
I then signed in with that user, however the grid view still doesn't fill.
Did you try repeating the steps from post #4 with this particular user?
 
okay so i did another test, i placed a grid view on the sign in page, to see if the query would work and guess what it did.

1615979018376.png




It must be something to do with attempting to load the data into another user control, I have no idea why but it doesn't work :unsure:

I put the breaking point on the same line again, when logging in with another user. Copied the query and ran it. Works fine, the result shows the users details.

I'm thinking about taking a different approach. What if i stored the Users Id inside of a list, and then used the ID to fill the Grid view once the user control has loaded? something similar to the code below (not sure how to locate the first value in the row)

C#:
        public void GetCustomerDetails(string query, string columnName, List<string> userDetails)
        {
            connection.Open();
            SqlDataAdapter da = new SqlDataAdapter(query, connection);
            DataTable dt = new DataTable();
            da.Fill(dt);

            if (dt.Rows.Count == 1)
            {
                
            }
        }
 
Last edited:
Back
Top Bottom