Reputation: 377
I have a web page where the user enters their current Username and Password. If they match a user in the database then the password is changed to the new password.
If there is no error and the password is changed the user is redirected to the initial login page. If there is an error then an error message will appear.
However, at the moment the password is not changed, and when there is supposed to be an error, i.e. when the password was not changed, it just redirects the user to the login page anyway.
My code:
    public static MySqlConnection CreateConnection()
    {
        String connectionString = "SERVER=127.0.0.1; DATABASE='dbnumericalmethods'; UID='root'; PASSWORD=''";
        MySqlConnection SqlConnection = new MySqlConnection(connectionString);
        return SqlConnection;
    }

    protected void btnChange_Click(object sender, EventArgs e)
    {
        MySqlConnection SqlConnection = CreateConnection();
        string OldPassword;
        string NewPassword;
        string Username;
        string ConfirmPassword;
        Username = txtUsername2.Text;
        OldPassword = txtOldPassword.Text;
        NewPassword = txtNewPassword.Text;
        ConfirmPassword = txtConfirmPassword.Text;
        string SqlString = "update tblLogin set Identification='" + NewPassword + "' WHERE [Identification]='" + OldPassword + "' AND Username='" + Username + "'";
        SqlConnection.Open();
        MySqlCommand cmd = new MySqlCommand(SqlString, SqlConnection);
        SqlConnection.Close();
        if (OldPassword != "" && NewPassword != "" && ConfirmPassword != "")
        {
            Response.Redirect("Login.aspx");
        }
        else
        {
            lblErrorMessage2.Text = ("Username ");
        }
    }
Upvotes: 0
Views: 700
Reputation: 101681
You are not even executing the command; you are just opening the connection, creating a MySqlCommand, then immediately closing the connection:
    MySqlCommand cmd = new MySqlCommand(SqlString, SqlConnection);
    int result = cmd.ExecuteNonQuery();
    SqlConnection.Close();
BTW, you should use parameterized queries to avoid SQL Injection.
Upvotes: 5
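The parameterized form of the question's update, as an added example that is not part of either post. The class name `ChangePassword`, the helper `TryChangePassword`, the parameter names and the error messages are assumptions; the table, columns, controls and `CreateConnection()` are the ones from the question. It redirects only when the update actually matched a row.

```csharp
using System;
using MySql.Data.MySqlClient;

// Assumed code-behind class name; the controls (txtUsername2, ...) and
// CreateConnection() are the ones declared in the question's page.
public partial class ChangePassword : System.Web.UI.Page
{
    // Returns true only when the username / old password pair matched one row.
    private static bool TryChangePassword(MySqlConnection connection,
        string username, string oldPassword, string newPassword)
    {
        // Placeholders keep user input out of the SQL text, so a quote
        // typed into a text box cannot change the statement's structure.
        const string sql =
            "UPDATE tblLogin SET Identification = @newPassword " +
            "WHERE Username = @username AND Identification = @oldPassword";

        using (var cmd = new MySqlCommand(sql, connection))
        {
            cmd.Parameters.AddWithValue("@newPassword", newPassword);
            cmd.Parameters.AddWithValue("@username", username);
            cmd.Parameters.AddWithValue("@oldPassword", oldPassword);
            connection.Open();
            // ExecuteNonQuery runs the statement and returns the row count.
            return cmd.ExecuteNonQuery() == 1;
        }
    }

    protected void btnChange_Click(object sender, EventArgs e)
    {
        string newPassword = txtNewPassword.Text;
        if (newPassword == "" || newPassword != txtConfirmPassword.Text)
        {
            lblErrorMessage2.Text = "New password and confirmation must match.";
            return;
        }
        bool changed;
        using (MySqlConnection connection = CreateConnection()) // closed on dispose
        {
            changed = TryChangePassword(connection, txtUsername2.Text,
                                        txtOldPassword.Text, newPassword);
        }
        if (changed)
            Response.Redirect("Login.aspx");
        else
            lblErrorMessage2.Text = "Username or current password is incorrect.";
    }
}
```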