using System;
using System.Data;
using System.Windows.Forms;
using System.Text;
using System.Data.OleDb;
using System.Runtime.CompilerServices;
namespace TestApp
{
public partial class FormLogin : Form
{
private OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Projects\TestApp\TestApp.accdb;
Persist Security Info=False;");
OleDbCommand cmd = new OleDbCommand();
public FormLogin()
{
InitializeComponent();
}
private void FormLogin_Load(object sender, EventArgs e)
{
conn.Open();
dbConnected.Text = "Connected";
conn.Close();
}
private void btnLogin_Click(object sender, EventArgs e)
{
conn.Open();
string login = "SELECT User,Password FROM LoginTable WHERE User= ' " + txtUser.Text + " ' and Password= ' " + txtPassword.Text + " ' ";
cmd = new OleDbCommand(login, conn);
OleDbDataReader reader = cmd.ExecuteReader();
if (reader.Read() ==true)
{
new FormMain().Show();
this.Hide();
}
else
{
MessageBox.Show("Login Failed");
txtUser.Clear();
txtPassword.Clear();
}
reader.Close();
conn.Close();
}
private void btnReset_Click(object sender, EventArgs e)
{
txtUser.Clear();
txtPassword.Clear();
}
private void FormLogin_FormClosing(object sender, FormClosingEventArgs e)
{
Application.Exit();
}
}
}
FormMain().ShowDialog();
Try
FormMain().ShowDialog();
if (reader.Read() == false)
SELECT User, Password FROM LoginTable
reader.Read()
return true
?bool match = false;
while (reader.Read())
{
var user = reader["User"].ToString();
var password = reader["Password"].ToString();
if (user == txtUser.Text && password == txtPassword.Text))
{
match = true;
break;
}
}
if (match == true)
.That simply means that nothing was found in the database that matches your query.
If you change your query to just:
C#:SELECT User, Password FROM LoginTable
does thereader.Read()
returntrue
?
If it does, then you can next try to see if anything in the database actually matches by adding some temporary code that looks something like:
C#:bool match = false; while (reader.Read()) { var user = reader["User"].ToString(); var password = reader["Password"].ToString(); if (user == txtUser.Text && password == txtPassword.Text)) { match = true; break; } }
and replace line 39 withif (match == true)
.
And then the most important thing: step through the code with a debugger instead of just running the code. Inspect the values. Perhaps the database values don't match the case of the inputs. Perhaps the database values or the user inputs have leading or trailing spaces.
Now a few asides not directly related to your problem but something you'll eventually want to fix:
1) Never take user input and put them directly into a SQL query like you are doing with line 35. You are inviting a SQL injection attack. Use parameterized queries instead. Obligatory cartoon:
View attachment 3065
2) Never store plain text passwords in a file or database. Store salted hashes of passwords. When the user enters their password, compute the salted hash of the password and then compare with what you have in your file or database.
3) C# naming conventions recommend not using Hungarian naming convention. If you are going to use it, use it everywhere to be consistent. Consistent code make it easier for people to read the code.
using System;
using System.Data;
using System.Windows.Forms;
using System.Text;
using System.Data.OleDb;
using System.Runtime.CompilerServices;
using System.Diagnostics.Eventing.Reader;
namespace TestApp
{
public partial class FormLogin : Form
{
private OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Projects\TestApp\TestApp.accdb;
Persist Security Info=False;");
OleDbCommand cmd = new OleDbCommand();
public FormLogin()
{
InitializeComponent();
}
private void FormLogin_Load(object sender, EventArgs e)
{
conn.Open();
dbConnected.Text = "Connected";
conn.Close();
}
private void btnLogin_Click(object sender, EventArgs e)
{
conn.Open();
string login = "SELECT User,Password FROM LoginTable"; //WHERE User= ' " + txtUser.Text + " ' and Password= ' " + txtPassword.Text + " ' ";
cmd = new OleDbCommand(login, conn);
OleDbDataReader reader = cmd.ExecuteReader();
bool match = false;
while (reader.Read())
{
var user = reader["User"].ToString();
var password = reader["Password"].ToString();
if (user == txtUser.Text && password == txtPassword.Text) ;
{
match = true;
}
if (match == true)
{
new FormMain().Show();
this.Hide();
}
else
{
MessageBox.Show("Login Failed");
txtUser.Clear();
txtPassword.Clear();
}
}
reader.Close();
conn.Close();
}
private void btnReset_Click(object sender, EventArgs e)
{
txtUser.Clear();
txtPassword.Clear();
}
private void FormLogin_FormClosing(object sender, FormClosingEventArgs e)
{
Application.Exit();
}
}
}
There should not be a semicolon at the end of line 45.
private void btnLogin_Click(object sender, EventArgs e)
{
conn.Open();
string login = "SELECT User,Password FROM LoginTable"; //WHERE User= ' " + txtUser.Text + " ' and Password= ' " + txtPassword.Text + " ' ";
cmd = new OleDbCommand(login, conn);
OleDbDataReader reader = cmd.ExecuteReader();
bool match = false;
while (reader.Read())
{
var user = reader["User"].ToString();
var password = reader["Password"].ToString();
if (user == txtUser.Text && password == txtPassword.Text)
{
match = true;
break;
}
}
if (match == true)
{
new FormMain().Show();
this.Hide();
}
else
{
MessageBox.Show("Login Failed");
txtUser.Clear();
txtPassword.Clear();
}
reader.Close();
conn.Close();
}
user
and password
through each iteration of the while
loop. match
is obviously coming out to be false
. The question is why."dela Cruz" != "Dela Cruz"
. Case matters when comparing strings for equality. Also that whitespace matters "hello world" != "hello world"
.using System;
using System.Data;
using System.Windows.Forms;
using System.Text;
using System.Data.OleDb;
using System.Runtime.CompilerServices;
using System.Diagnostics.Eventing.Reader;
namespace TestApp
{
public partial class FormLogin : Form
{
private OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Projects\TestApp\TestApp.accdb;
Persist Security Info=False;");
OleDbCommand cmd = new OleDbCommand();
public FormLogin()
{
InitializeComponent();
}
private void FormLogin_Load(object sender, EventArgs e)
{
conn.Open();
dbConnected.Text = "Connected";
conn.Close();
}
private void btnLogin_Click(object sender, EventArgs e)
{
conn.Open();
string login = "SELECT User,Password FROM LoginTable";
cmd = new OleDbCommand(login, conn);
OleDbDataReader reader = cmd.ExecuteReader();
bool match = false;
while (reader.Read())
{
var user = reader["User"].ToString();
var password = reader["Password"].ToString();
if (user == txtUser.Text && password == txtPassword.Text)
{
match = true;
}
if (match == true)
{
new FormMain().Show();
this.Hide();
}
else
{
txtUser.Clear();
txtPassword.Clear();
}
}
reader.Close();
conn.Close();
}
private void btnReset_Click(object sender, EventArgs e)
{
txtUser.Clear();
txtPassword.Clear();
}
private void FormLogin_FormClosing(object sender, FormClosingEventArgs e)
{
Application.Exit();
}
}
}
Main
method should display the login form and get the result back from it. If the login succeeded, the Main
method creates and displays the main form. If the login failed, the Main
method completes and the application exits.