asp.net website SQL connection

Question

i'm having problems getting my ASP.NET site to log me in using SQL, here is some code (Login.ASPX.CS);

        private bool ValidateCredentials(string userName, string password)
    {
        bool returnValue = false;

        if (this.IsAlphaNumeric(userName) && userName.Length <= 50 && password.Length <= 50)
        {
            SqlConnection conn = null;

            try
            {
                string sql = "select count(*) from dbo.Users where UserName = '@username' and password = '@password'";

                conn = new SqlConnection(ConfigurationManager.ConnectionStrings["MembershipSiteConStr"].ConnectionString);
                SqlCommand cmd = new SqlCommand(sql, conn);

                SqlParameter user = new SqlParameter();
                user.ParameterName = "@username";
                user.Value = userName.Trim();
                cmd.Parameters.Add(user);

                SqlParameter pass = new SqlParameter();
                pass.ParameterName = "@password";
                pass.Value = Hasher.HashString(password.Trim());
                cmd.Parameters.Add(pass);

                conn.Open();

                int count = (int)cmd.ExecuteScalar();

                if (count > 0) returnValue = true;
            }

Here is my web.config connectionstring

i've tested this SQL connection using server explorer and SQL managment and it all works.

here are some SP of what's going on;

here is evidence that the user and pass im putting in should work; The user is there:

that the SQL query works:

Jaydip Jadhav · Accepted Answer

Change code of Adding Password Parameter as follow

 SqlParameter pass = new SqlParameter();
 pass.ParameterName = "@password";
 //pass.Value = Hasher.HashString(password.Trim());
 pass.Value = password.Trim(); 
 cmd.Parameters.Add(pass);

asp.net website SQL connection

Answers (2)

Related Questions