// Login button handler as posted in the question: queries User_Registration for the
// entered credentials and opens the main menu when exactly one row comes back.
private void button1_Click(object sender, EventArgs e)
{
// NOTE(review): the AttachDbFilename value has a space after "C:" and another before ";" - confirm it matches the real file path.
// con and sda are never disposed in this handler.
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C: \Users\mohamma ali\Documents\Visual Studio 2015\Projects\WindowsFormsApplication4\WindowsFormsApplication4\MyLib_DB.mdf ;Integrated Security=True;Connect Timeout=30");
// Defect: the text-box values are concatenated into the SQL text, so whatever is typed becomes part of the
// statement (SQL injection). Bind them as parameters (@UserID / @Password) instead.
// Defect: '&' is the bitwise AND operator in T-SQL, not the logical one; the WHERE clause needs 'and'.
// This is likely why the statement is rejected when Fill executes it.
// NOTE(review): the typed password is compared directly with the Password column, which suggests passwords
// are stored as typed - confirm, and prefer comparing salted hashes.
string query = "Select * From User_Registration where UserID = '" + username_textbox.Text.Trim() + "' & Password = '" + password_text.Text.Trim() + "'";
SqlDataAdapter sda = new SqlDataAdapter(query, con);
DataTable dt = new DataTable ();
// Fill opens the connection itself when it is closed and runs the query; the reported error surfaces here.
sda.Fill(dt);
// Exactly one matching row is treated as a successful login.
if (dt.Rows.Count == 1)
{
mainmenu main = new mainmenu();
this.Hide();
main.Show();
}
else
{
MessageBox.Show("Please Check usename and password");
}
}
It is returning an unexpected error at sda.Fill(dt). Why?
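/// <summary>
/// Handles the login button click: looks up the entered user id and password in
/// User_Registration with a parameterized query and opens the main menu when
/// exactly one row matches.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    // The placeholders keep the typed values out of the SQL text; they are bound as data below.
    // NOTE(review): the query compares the typed password with the Password column directly, which
    // only works if passwords are stored as typed. Store a salted hash (e.g. PBKDF2 via
    // Rfc2898DeriveBytes) and compare hashes instead.
    const string commandText = "Select * From User_Registration where UserID = @UserID and Password = @Password ";

    // NOTE(review): the AttachDbFilename value has a space after "C:" and another before ";" -
    // confirm it matches the real file path.
    // Stacked using statements dispose the connection, command, adapter and table on every exit path.
    using (SqlConnection connection = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C: \Users\mohamma ali\Documents\Visual Studio 2015\Projects\WindowsFormsApplication4\WindowsFormsApplication4\MyLib_DB.mdf ;Integrated Security=True;Connect Timeout=30"))
    using (SqlCommand command = new SqlCommand(commandText, connection))
    using (SqlDataAdapter sda = new SqlDataAdapter(command))
    using (DataTable dt = new DataTable())
    {
        command.Parameters.AddWithValue("@UserID", username_textbox.Text.Trim());
        command.Parameters.AddWithValue("@Password", password_text.Text.Trim());

        try
        {
            connection.Open();
            sda.Fill(dt);

            // Exactly one matching row is treated as a successful login.
            if (dt.Rows.Count == 1)
            {
                mainmenu main = new mainmenu();
                this.Hide();
                main.Show();
            }
            else
            {
                MessageBox.Show("Please Check usename and password");
            }
        }
        catch (Exception ex)
        {
            // A WinForms app usually has no visible console, so Console.WriteLine hid the failure.
            // Keep the details in the trace log and show the user a message without database internals.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            MessageBox.Show("Unable to sign in right now. Please try again.");
        }
    }
}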
In SQL you should use `and` instead of `&`. Also, you should always use parameterized queries to avoid SQL injection: the values are then sent as data and cannot change the structure of the statement. So your query should be something like this:
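// The placeholders keep the typed values out of the SQL text; they are bound as data below.
string query = "Select * From User_Registration where UserID = @userName and Password = @password";
// Assumes sda was already created from this query (e.g. new SqlDataAdapter(query, con)).
// Parameter names are written exactly like the placeholders; the stray trailing space in "@userName " is removed.
sda.SelectCommand.Parameters.AddWithValue("@userName", username_textbox.Text.Trim());
sda.SelectCommand.Parameters.AddWithValue("@password", password_text.Text.Trim());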