|
Problems I noticed:
1. You're trying to log on to an SQL Server with 'sa' credentials.
2. Your code is open for SQL Injection.
3. SqlConnection should be opened in a try-catch block.
4. SqlDataReader should be closed after you retrieve the data (either explicitly, or by specifying the whole thing in a using statement.)
5. You just check if the SqlDataReader is created, but not if there's anything to read, so if there's no data, the GetString method will throw an exception.
6. You're using an unnecessary global variable chk.
7. You shouldn't specify if the username or the password was incorrect. Just use some generic error message.
8. Don't let the user see the stack trace of an exception if thrown.
|
|
|
|
|
ty for the answer, but i have a new question now, i looked up for some new code and found this:
my login.aspx file:
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Register TagPrefix="MySite" TagName="Login" Src="login.ascx" %>

<script language="C#" runat="server">
private void Page_Load(Object sender, EventArgs E)
{
    if ((Page.IsPostBack) && (Page.IsValid)) {
        string strDSN = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\Membership.mdb";
        string strSQL = "SELECT userName, userPassword FROM Membership WHERE userName='" + MyLogin.UserId + "'";

        OleDbConnection myConn = new OleDbConnection(strDSN);
        OleDbCommand myCmd = new OleDbCommand(strSQL, myConn);
        OleDbDataReader dr = null;
        try {
            myConn.Open();
            dr = myCmd.ExecuteReader();

            if(dr.Read()) {
                if(dr.GetString(1).Trim() == MyLogin.Password.Trim())
                {
                    FormsAuthentication.RedirectFromLoginPage(MyLogin.UserId, false);
                }
                else
                    Message.Text = "Login mislukt. Probeer opnieuw";
            }
            else
            {
                Message.Text = "Login mislukt. Probeer opnieuw";
            }
        }
        catch(Exception myException) {
            Response.Write("Oops. The error: " + myException.Message);
        }
        finally {
            myConn.Close();
        }
    }
}
</script>
<html>
<body>
<h3>Login</h3>
<form runat="server" ID="Form1">
<asp:Label id="Message" runat="server" />
<MySite:Login id="MyLogin" BackColor="#FFFFCC" runat="server"/>
</form>
</body>
</html>
Is it possible to work with a OleDbConnection to connect to a SQL database?
thanks in advance
|
|
|
|
|
daviperke wrote: Is it possible to work with a OleDbConnection to connect to a SQL database?
Yes it is, but it's not recommended.
Note that in your new code problems 2 and 4 still remain. To solve 2 use a parameterized query and SqlParameters. To solve 4, in the finally block write:
if (dr != null) dr.Close();
Also I don't recommend writing out any exception info. Use user-friendly messages to hide technical details.
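One way to apply the fixes named in this reply (a parameterized query, a reader that is always closed, no exception text shown to the user), as an added example that is not code from any poster in the thread. It uses SqlClient as the reply suggests; the table and column names come from the question, while the class name, connection string and message text are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginCheck
{
    // Hypothetical connection string: integrated security rather than 'sa'.
    private const string ConnStr =
        "Data Source=(local);Initial Catalog=MembershipDb;Integrated Security=SSPI";

    // Returns true only when the user exists and the stored value matches.
    public static bool TryLogin(string userId, string password, out string message)
    {
        // Same text for every failure, so the page never says which field was wrong.
        message = "Login failed. Please try again.";
        try
        {
            using (SqlConnection conn = new SqlConnection(ConnStr))
            using (SqlCommand cmd = new SqlCommand(
                "SELECT userPassword FROM Membership WHERE userName = @userName", conn))
            {
                // The value travels as data, never as part of the SQL text.
                cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value = userId;
                conn.Open();
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    // Read() is false when no row matches, so GetString is
                    // never called on an empty result. The comparison uses the
                    // stored value as-is, as the posted code does.
                    if (dr.Read() && !dr.IsDBNull(0) && dr.GetString(0) == password)
                    {
                        message = string.Empty;
                        return true;
                    }
                }
            } // reader, command and connection are disposed here, even on exceptions
        }
        catch (SqlException ex)
        {
            // Details stay server-side; the caller only gets the generic message.
            System.Diagnostics.Trace.TraceError("Login query failed: {0}", ex);
        }
        return false;
    }
}
```

With OleDbCommand the same pattern applies, but the OLE DB provider uses positional `?` placeholders instead of named parameters.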
|
|
|
|
|
Error: Could not use ''; file already in use.
this is the error i get when i fill in something and press login
code:
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Register TagPrefix="MySite" TagName="Login" Src="login.ascx" %>

<script language="C#" runat="server">

private void Page_Load(Object sender, EventArgs E)
{
    if (Page.IsPostBack)
    {
        string strDSN = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\sql server 2005\\MSSQL.1\\MSSQL\\Data\\db.mdf";
        string strSQL = "SELECT emailadres, paswoord FROM tblPersoneelslid WHERE emailadres='" + MyLogin.UserId + "'";

        OleDbConnection myConn = new OleDbConnection(strDSN);
        OleDbCommand myCmd = new OleDbCommand(strSQL, myConn);
        OleDbDataReader dr = null;

        try
        {
            myConn.Open();
            dr = myCmd.ExecuteReader();

            if (dr.Read())
            {
                if (dr != null) dr.Close();
                {
                    if (dr.GetString(1).Trim() == MyLogin.Password.Trim())
                    {
                        FormsAuthentication.RedirectFromLoginPage(MyLogin.UserId, false);
                    }
                    else
                    {
                        Message.Text = "Login mislukt. Probeer opnieuw";
                    }
                }
            }
            else
            {
                Message.Text = "Login mislukt. Probeer opnieuw";
            }

        }
        catch (Exception myException)
        {
            Response.Write("Foutmelding: " + myException.Message);
        }
        finally
        {
            myConn.Close();
        }
    }
}
</script>
|
|
|
|
|
You can't connect to the database file itself, unless it is detached from SQL Server.
In my previous post I meant using OleDbConnection just like SqlConnection, that is connecting to the server.
|
|
|
|
|
hmmm, my knowledge about SQL Server is very bad, how can you detach the file from SQL Server?
|
|
|
|
|
Apart from the fact that you probably shouldn't do it this way - In Object Explorer right-click on the database and then select Tasks->Detach...
|
|
|
|
|
hmmmm, i found another article about login control:
http://support.microsoft.com/kb/Q301240
when i do all this, i don't get any error, but i can't login :s nothing happens when i press logon.
What can be the problem of this?
|
|
|
|
|
This article contains some bad practices, for example storing passwords in plain text, not separating Data Access from business logic or not closing a SqlConnection properly (should be done in a finally block). I also don't understand why simple html controls with runat="server" are used, instead of just using server controls like Textbox or Button. Honestly I'm surprised this was published on a Microsoft site.
To get back to your problem - you didn't describe your problem well enough, so I have no idea what could be wrong. Are you using ASP.NET 1.1 or 2.0? If the latter is the case you might want to consider using the new Membership provider (Google for 'ASP.NET membership', and you'll find many resources about the subject).
|
|
|
|
|
ty for the help, this ASP.NET membership seems very useful.
i'm trying to make a login control on a ASP.NET website and also a login control on a Winform, both in C#.
it's difficult for me, but i don't give up
|
|
|
|
|
|
ty for all the info !
my login control for my ASP website works !! I used the ASP.NET membership
|
|
|
|
|
hi friends
how to create chat window in asp,c#.net
can u help me
regards
saravanan
|
|
|
|
|
you can use system.net and system.io to make chat window in c#
|
|
|
|
|
|
Hi Guys
I am looking for a video streaming component like YouTube which I can integrate in my web application for uploading and sharing videos. Can anyone suggest the resources or the component name with which I can achieve functionality related to video streaming?
Regards
GOurav Verma
Gourav
|
|
|
|
|
I have a situation in which I have to trace the users who have accessed the website! I have not set any option for it.
Does IIS not automatically maintain this information?
Is there any other solution to get this information when I have not made any configuration for this purpose?
Website is in ASP.net 2.0
|
|
|
|
|
|
Hi
strcmd = "Insert into CreateAccount values('" + txtUname.Text + "','" + txtPass.Text + "','" + txtCPass.Text + "','" + txtEmail.Text + "','" + txtSQuest.Text + "','" + txtSAns.Text + "',;for new line wht i have to write.
'" + ChkEnquiry.Text + "','" + ChkStock.Text + "' ,'" + ChkPayroll.Text + "' )";
I m saving data in CreateAccount table ,I want to save Checkbox 's values like checked or not means in table i want to save 0 or 1, & while saving i want to check condition Checkbox1.checked==true or not tell me how to write code for this.
Plz help me as soon as possible
CARE CAREER
|
|
|
|
|
I am using asp.net with C# .how to move in next line please tell this also.
Thanks
CARE CAREER
|
|
|
|
|
You can take an int variable and set that depending upon your checkbox, and further you can use the same variable in your query.
Care Career wrote: for new line wht i have to write
No need to do anything extra, it will take care of that automatically.
BTW, it is not a good practice to insert the data into the database; it is open for SQL injection. You should use a stored procedure.
Best Regards,
Apurva Kaushal
|
|
|
|
|
Plz tell me how to create a stored procedure for this & how I store data in this.
& I have written this code on save click.
conn.Open();
if (ChkEnquiry.Checked== true)
{
a = ChkEnquiry.Text;
}
else if(ChkPayroll.Checked==true)
{
b = ChkStock.Text;
}
else if(ChkStock.Checked==true)
{
c= ChkPayroll.Text ;
}
strcmd = "Insert into CreateAccount values('" + txtUname.Text + "','" + txtPass.Text + "','" + txtCPass.Text + "','" + txtEmail.Text + "','" + txtSQuest.Text + "','" + txtSAns.Text + "','" +a.ToString() +"','" +b.ToString()+"','" +c.ToString()+"')";
SqlCommand cmd =new SqlCommand(strcmd,conn);
cmd.ExecuteNonQuery();
this.Controls.Add(new LiteralControl(" alert('Data Saved');"));
ClearTextBoxes();
It gives an error, it is not saving.
plz tell as soon as possible
Thanks
CARE CAREER
|
|
|
|
|
You can see this to know how to use stored procedure with asp.net.
Best Regards,
Apurva Kaushal
|
|
|
|
|
Thanks for the stored procedure, I will go through that link, but in the code given below I want the Checkbox value: if it is checked then the table should store 1, else 0. How do I do this? When I write ChkEnquiry.Text, it gives the label Enquiry, not its value.
if (ChkEnquiry.Checked== true)
{
a = ChkEnquiry.Text;
}
if(ChkPayroll.Checked==true)
{
b = ChkStock.Text;
}
if(ChkStock.Checked==true)
{
c= ChkPayroll.Text ;
}
strcmd = "Insert into CreateAccount values('" + txtUname.Text + "','" + txtPass.Text + "','" + txtCPass.Text + "','" + txtEmail.Text + "','" + txtSQuest.Text + "','" + txtSAns.Text + "','" +a.ToString() +"','" +b.ToString()+"','" +c.ToString()+"')";
SqlCommand cmd =new SqlCommand(strcmd,conn);
cmd.ExecuteNonQuery();
this.Controls.Add(new LiteralControl(" alert('Data Saved');"));
ClearTextBoxes();
Thanks & Regards
CARE CAREER
|
|
|
|
|
Care Career wrote: if (ChkEnquiry.Checked== true)
{
a = ChkEnquiry.Text;
}
What you want to store here?
You can give here
a = "1";
if a is a string variable.
Best Regards,
Apurva Kaushal
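The stored-procedure call and the checked/unchecked to 1/0 mapping discussed in the posts above, as an added example that is not code from any poster. The procedure name, its parameter list and the column names are hypothetical (the thread does not show the CreateAccount schema), and only two text fields are carried; the remaining columns follow the same pattern.

```csharp
using System.Data;
using System.Data.SqlClient;

public static class AccountWriter
{
    /* Hypothetical procedure, assumed to exist in the database:
       CREATE PROCEDURE dbo.usp_CreateAccount
           @UserName NVARCHAR(50), @Email NVARCHAR(256),
           @Enquiry BIT, @Stock BIT, @Payroll BIT
       AS
           INSERT INTO CreateAccount (UserName, Email, Enquiry, Stock, Payroll)
           VALUES (@UserName, @Email, @Enquiry, @Stock, @Payroll);
    */
    public static int Save(string connStr, string userName, string email,
                           bool enquiry, bool stock, bool payroll)
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand("dbo.usp_CreateAccount", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            // Text box values are bound as parameters, not concatenated.
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email;
            // CheckBox.Checked is a bool; SqlDbType.Bit stores it as 1 or 0.
            // Each flag is independent, so no if/else chain is needed.
            cmd.Parameters.Add("@Enquiry", SqlDbType.Bit).Value = enquiry;
            cmd.Parameters.Add("@Stock", SqlDbType.Bit).Value = stock;
            cmd.Parameters.Add("@Payroll", SqlDbType.Bit).Value = payroll;
            conn.Open();
            // Rows affected: 1 here, or -1 if the procedure sets NOCOUNT ON.
            return cmd.ExecuteNonQuery();
        }
    }
}
// Call from the save click handler (control names are from the posts):
// AccountWriter.Save(connStr, txtUname.Text, txtEmail.Text,
//     ChkEnquiry.Checked, ChkStock.Checked, ChkPayroll.Checked);
```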
|
|
|
|