Reputation: 103
Admin and User checking not working
I have a database table named Logins which has 3 columns: Username, Password and Category. Category has two types: Admin and User.
I have a form with two textboxes where the user will write his username and password. Using the username textbox input, I want to check whether the given username is an Admin or User and based on that, open different forms.
I'm receiving the following error:
Unexpected error:Incorrect syntax near
"'"
SqlConnection con = new SqlConnection("Data Source=JAYI-PC\\SQLEXPRESS;Initial Catalog=db-ub;Integrated Security=True");
try
{
con.Open();
SqlCommand cmd = new SqlCommand(@"SELECT Count(*) FROM Logins
WHERE Username=@uname and
Password=@pass,Category=@ctgy", con);
cmd.Parameters.AddWithValue("@uname", textBox_usern.Text);
cmd.Parameters.AddWithValue("@pass", textBox_pwd.Text);
cmd.Parameters.AddWithValue("@ctgy", c); //Can't understand how to check it
int result = (int)cmd.ExecuteScalar();
if (result > 0)
{
if (c== "Admin")//this one will chek whether user is admin or user
{
MessageBox.Show("Welcome Admin");
Admin f1 = new Admin();
f1.Show();
}
else
{
MessageBox.Show("Welcome " + textBox_usern.Text);
FormCheck f3 = new FormCheck();
f3.Show();
}
}
else
{
MessageBox.Show("Incorrect login");
}
textBox_usern.Clear();
textBox_pwd.Clear();
}
catch (Exception ex)
{
MessageBox.Show("Unexpected error:" + ex.Message);
}
Upvotes: 2
Views: 114
Answers (3)
Reputation: 45490
I believe you are trying to read the category change your query to this
SqlCommand cmd = new SqlCommand(@"SELECT Category FROM Logins
WHERE Username=@uname and
Password=@pass", con);
cmd.Parameters.AddWithValue("@uname", textBox_usern.Text);
cmd.Parameters.AddWithValue("@pass", textBox_pwd.Text);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
var c = reader["Category"].ToString();
if (c== "Admin")//this one will chek whether user is admin or user
{
MessageBox.Show("Welcome Admin");
Admin f1 = new Admin();
f1.Show();
}
else
{
MessageBox.Show("Welcome " + textBox_usern.Text);
FormCheck f3 = new FormCheck();
f3.Show();
}
}
else
{
MessageBox.Show("Incorrect login");
}
textBox_usern.Clear();
textBox_pwd.Clear();
Upvotes: 2
Reputation: 7766
your program only check a user is there or not..it will not send the category back. So you should use execute reader. Which will send the detail back if a user is found. Check below code.
SqlConnection con = new SqlConnection("Data Source=JAYI-PC\\SQLEXPRESS;
Initial Catalog=db-ub;Integrated Security=True");
try
{
con.Open();
string cat = null;
SqlCommand cmd = new SqlCommand(@"SELECT Username,Password,Category
FROM Logins WHERE Username=@uname and
Password=@pass", con);
cmd.Parameters.AddWithValue("@uname", textBox_usern.Text);
cmd.Parameters.AddWithValue("@pass", textBox_pwd.Text);
SqlDataReader rdr = cmd.ExecuteReader();
//int result = (int)cmd.ExecuteScalar();
int result = 0;
while(rdr.Read()
{
result++; //to confirm it entered while loop so data is there
cat = rdr["Category"].ToString();
}
if (result > 0)
{
if (cat == "Admin")//this one will chek whether user is admin or
user
{
MessageBox.Show("Welcome Admin");
Admin f1 = new Admin();
f1.Show();
}
else
{
MessageBox.Show("Welcome " + textBox_usern.Text);
FormCheck f3 = new FormCheck();
f3.Show();
}
}
else
{
MessageBox.Show("Incorrect login");
}
textBox_usern.Clear();
textBox_pwd.Clear();
Upvotes: 1
Reputation: 20754
Your query is incorrect, it misses one and and have extra ,. it should be like this
SELECT Count(*) FROM Logins
WHERE Username=@uname and
Password=@pass and Category=@ctgy
Upvotes: 3
Related Questions
- Trying to check if user exists in my database
- how to check if user is logged in database C#
- C# unable to check if user exist in SQL Server table
- Checking Username Available Doesn't Work
- Checking for user existence in SQL Server table
- Confused about how to check user exist or not
- checking database rights on certain user
- how to check whether user is admin
- How to check if the user is "Admin"
- Check if the requested user has admin privileges