question

MohamedRafiN-6400 avatar image
0 Votes"
MohamedRafiN-6400 asked YijingSun-MSFT commented

My SQl Query Error

I have stored userid and password in mysql database, this query is showing login successfully for not stored data, so please correct it

string query = "select * from login where userid=@userid and password=@password";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Parameters.AddWithValue("@userid", id);
cmd.Parameters.AddWithValue("@password", password);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
DialogResult dr = MessageBox.Show("Are you sure to Login now?", "Confirmation Message", MessageBoxButtons.YesNo);
if (dr == DialogResult.Yes)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();

dotnet-csharpdotnet-aspnet-webforms
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

YijingSun-MSFT avatar image
0 Votes"
YijingSun-MSFT answered YijingSun-MSFT commented

Hi @MohamedRafiN-6400 ,
I think your userid and password are unique. So I suggest you could count the same userid and the password. If the count is more than 1, you could login in.

        string strSql = "SELECT COUNT(*) from login where userid=@userid and password=@password";
       cmd.Connection = cnn;
       cnn.Open();
         int count = Convert.ToInt32(command.ExecuteScalar());
         if (count >= 1)
             MessageBox.Show("Login Successfully");
         else
              MessageBox.Show("Please register");

Best regards,
Yijing Sun

If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our  documentation  to enable e-mail notifications if you want to receive the related email notification for this thread.

· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MohamedRafiN-6400 avatar image MohamedRafiN-6400 ·

if(textBox9.Text!="" && textBox10.Text!= "")
{
string connectionString;
MySqlConnection cnn;
MySqlCommand cmd;
connectionString = @"Data Source=localhost;Initial Catalog=testDB;User ID=root;Password=mysql";
cnn = new MySqlConnection(connectionString);
string query = "select * from login where userid='" + textBox9.Text + "' and password='" + textBox10.Text + "'";
int count = Convert.ToInt32(cmd.ExecuteScalar());
if (count >= 1)
{
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else
{
MessageBox.Show("Please Enter Correct Login details or Register User");
}

         }
         else
         {
             MessageBox.Show("Please Enter Details to Login");
         }

}
Error shows like: Use of unassigned local variable 'cmd'

0 Votes 0 ·
YijingSun-MSFT avatar image YijingSun-MSFT MohamedRafiN-6400 ·

Hi @MohamedRafiN-6400 ,
You need to add like this:

 cmd = new SqlCommand(query , cnn);

Best regards,
Yijing Sun

1 Vote 1 ·
karenpayneoregon avatar image
0 Votes"
karenpayneoregon answered MohamedRafiN-6400 commented

You need to use ExecuteReader rather than ExecuteNonQuery.

var results = cmd.ExecuteReader();

Then check results e.g. results.HasRows which returns true if a record was found, false otherwise.


· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MohamedRafiN-6400 avatar image MohamedRafiN-6400 ·

Error: the name cmd does not exist in current context

string query = "select count (*) from login where userid='" + textBox9.Text + "' and password='" + textBox10.Text + "'";
int count = Convert.ToInt32(cmd.ExecuteScalar());
using (MySqlCommand cmd = new MySqlCommand(query))
if (count >= 1)
{
cmd.Parameters.AddWithValue("@userid", id);
cmd.Parameters.AddWithValue("@password", password);
cmd.Connection = cnn;
cnn.Open();
cmd.ExecuteNonQuery();
MessageBox.Show("Login Successfully");
cnn.Close();
this.Hide();
Form2 f2 = new Form2();
f2.ShowDialog();
}
else
{
MessageBox.Show("Please Enter Correct Login details");
}

         }
         else
         {
             MessageBox.Show("Please Enter Details to Login");
         }
0 Votes 0 ·