Ado.net C# login check Ms Sql using a windows form application -


hi tring develope login screen. in windows form aplication. got:

   private void button1_click(object sender, eventargs e)    {        if ((textbox1.text == "") || (textbox2.text == ""))        {            messagebox.show("bu alanları boş bırakamazsınız.", "chat giriş", messageboxbuttons.ok, messageboxicon.error);            return;        }         sqlconnection conn = new sqlconnection();        conn.connectionstring = "server=cagdas-laptop;database=chat;trusted_connection=true;";        conn.open();          dataset ds = new dataset();        sqldataadapter sda = new sqldataadapter("select * kullanici kul_adi='" + textbox1.text + "' , sifre='" + textbox2.text + "'", conn);        sda.fill(ds);         if (ds.tables.count == 0)        {            messagebox.show("geçersiz kullanıcı.", "chat giriş", messageboxbuttons.ok, messageboxicon.error);         }         else if(ds.tables.count == 1)        {                messagebox.show("hoşgeldiniz.", "chat giriş", messageboxbuttons.ok, messageboxicon.information);        }

by way using ms sql , logged windows authentication. not sure did write connection string right. when run program doesnt matter write, unless if fill both textbox "hosgeldiniz"(welcome) message. problem? doing wrong? information: kullanici user geçersiz kullanici means wrong login info hosgeldiniz means welcome in language.

whatever user types correct password , account or not, code returns datatable inside dataset; no rows, if login incorrect, 1 row. if login correct. so, testing if there table or not return there @ least 1 table.

you should check if there datarows in table returned

   dataset ds = new dataset();    sqldataadapter sda = new sqldataadapter("select * kullanici ....");    sda.fill(ds);     if (ds.tables[0].rows.count == 0)    {        messagebox.show("geçersiz kullanıcı.", "chat giriş", messageboxbuttons.ok, messageboxicon.error);     }    else if(ds.tables[0].rows.count == 1)    {        messagebox.show("hoşgeldiniz.", "chat giriş", messageboxbuttons.ok, messageboxicon.information);    }

said that, there better ways check correctness of input , avoid big problem called sql injection

private void button1_click(object sender, eventargs e) {    if ((textbox1.text == "") || (textbox2.text == ""))    {        messagebox.show("bu alanları boş bırakamazsınız.", "chat giriş", messageboxbuttons.ok, messageboxicon.error);        return;    }     string cmdtext = @"select count(*) kullanici                        kul_adi=@user , sifre=@pwd";    using(sqlconnection conn = new sqlconnection("server=cagdas-laptop;database=chat;trusted_connection=true;"))    using(sqlcommand cmd = new sqlcommand(cmdtext, conn))    {        conn.open();        cmd.parameters.addwithvalue("@user", textbox1.text);        cmd.parameters.addwithvalue("@pwd", textbox2.text);        int usercount = convert.toint32(cmd.executescalar());        if (usercount == 0)        {            messagebox.show("geçersiz kullanıcı.", "chat giriş", messageboxbuttons.ok, messageboxicon.error);         }        else if(usercount == 1)        {            messagebox.show("hoşgeldiniz.", "chat giriş", messageboxbuttons.ok, messageboxicon.information);        }    } }

in way, there no need have dataset, count records match passed login informations.

notice have placed opening of connection , building of command inside using statement block ensure proper closing , disposing of connection , command in case of exceptions.

a final note. bad idea store password in clear text in database. better security consider using hashing algorithm transform password in unreadable , not decryptable. store hashed text instead of password in clear text and, when need check password. reapply same hashing algorithm user input , check resulting text stored text.


-

Comments

Post a Comment

Popular posts from this blog

how to proxy from https to http with lighttpd -

i have internal site (192.168.2.1) accessible http on different server run public web-server using lighttpd. can make internal site accessible outside work follows $http["host"] == "internal.example.com" { ... proxy.server = ( "" => ( "internal" => ( "host" => "192.168.2.1", "port" => 8000 ) ) } this works, use https outside world. question is, how can proxy going https http ? i've tried this: $server["socket"] == ":443" { $http["host"] == "internal.example.com" { ... proxy.server = ( "" => ( "internal" => ( "host" => "http://192.168.2.1", "port" => 8000 ) ) } } but doesn't seem wor...
Read more

android - Automated my builds -

i have multiple app , android project want automated in build , release sequence. have ant script build , create apk of app. want have 1 script or ant file start build sequence app. maybe don't konw search, can't find easy documentation on ant. the point of use jenkins ant (or maven, i'm not sure of difference between them now) automated build sequence when people commit on project. any int appreciated maven dependencies (over ant) don't need pass around jars. recommend maven on ant day. syntax , overall process easier understand, @ end of both build tools. if able to, more recommend upgrading gradle. easy create different build types , create them ./gradlew assemble here project jake wharton can see power of gradle. there release , debug build, can make lot more if like. https://github.com/jakewharton/u2020 here android docs gradle http://tools.android.com/tech-docs/new-build-system/user-guide . if can't find looking here, check out main grad...
Read more

python - Flask migration error -

i've got application build on flask , wanted create new migration today. when run $python manage.py db upgrade i got message raise util.commanderror('only single head supported. ' alembic.util.commanderror: single head supported. script directory has multiple heads (due branching), must resolved manually editing revision files form linear sequence. run alembic branches see divergence(s). so run command $alembic branches no config file 'alembic.ini' found, or file has no '[alembic]' section any clue on about? the error messages coming alembic, use command form alembic <command> , integrating flask coming flask-migrate, need use form python manage.py db branches . to resolve multiple branches, make 1 of branches point down other branch upgrade graph straight line. see alembic's docs on branches: http://alembic.readthedocs.org/en/latest/branches.html
Read more