|
Hi,
I develop a Csharp smart device application.I create a FormConnexion to let me when I enter a login and password to verify these parameters in my database .sdf.The code i write is this below
private void button1_Click(object sender, EventArgs e)
{
string s1 = textBox1.Text;
string s2 = textBox2.Text;
SqlCeConnection cnx = new SqlCeConnection();
string wCS = String.Format("DATA SOURCE = '{0}';", Program.gFichierBase);
cnx.ConnectionString = wCS;
string req = "SELECT * FROM Connexion WHERE Login = @login AND MotPasse = @pass";
SqlCeCommand cmd = new SqlCeCommand(req, cnx);
SqlCeParameter login = new SqlCeParameter("login", s1);
cmd.Parameters.Add(login);
SqlCeParameter pass = new SqlCeParameter("pass", s2);
cmd.Parameters.Add(pass);
BaseGmaoLocaleDataSet2 dat = new BaseGmaoLocaleDataSet2();
DataRow[] foundRows;
foundRows = dat.Tables["Connexion"].Select("Login like '%" + s1 + "%' and MotPasse like '%" + s2 + "%'");
if (foundRows != null)
{
MessageBox.Show("Authentification réussie");
MenuP m = new MenuP();
m.Show();
}
else
{
MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");
}
}
The problem is that any login and password I enter,it lets me pass"successful authentification"
How can i modify this code?
Thanks
|
|
|
|
|
Hi again,
1.
DataTable.Select never returns null
2.
I suggest you return to your earlier thread and read the replies you got there (again). Your code has several issues.
|
|
|
|
|
Hi Luc,
The code I gave is the result of all my earlier thread suggestions.I don't know really what is the problem.
I will be very grantful if u help me to depass that problem.
Thanks
|
|
|
|
|
I explained what wasn't OK with your code 8 hours ago. I'm not going to repeat it here, you can still read it back there.
|
|
|
|
|
Hi,
Thank u for u last helps.The only notice I don't understand is this:
it should work, however I don't think wildcards are a good idea for authentication.
Chances are entering
username: a
password: a
will let you in, as it would match Jan/MySecretPassword as well as an infinite number of other possible accounts.
Smile
Thank u in all cases
|
|
|
|
|
LIKE '%a%'
matches each of the following:
a
aaaa
bac
WhateverTheUserEntersAsLongAsItContainsAtLeastOneLowerCaseA
is that what you want for authentication purposes?
|
|
|
|
|
Hi,
I understand.But how can i use that to depass my problem??
Thank u Luc for u great help.It seems sometimes annoying but really it is my first time that i develop a full application with csharp.Many problems that i should depass
Thanks
|
|
|
|
|
God...you've totally mixed ideas from your last thread without actually finishing one.
You created dat, but you never actually filled it with any values. You need to use the Select statement to fill the datatable. The way you have it, nothing will ever be in the datatable.
As Luc has said, dat.Tables["Connexion"].Select will never return a null value. it will return an array of DataRow...in your case with an upper bound of -1.
First, read up on ADO.NET. Then, use a SELECT statement to fill a datatable using the "WHERE login = @login...".
Then, you just check the datatable Rows.Count property to see if it has rows.
And, again, like they've said, don't use "like" in password authentication. "Like %a%" will return a high percentage of words (any word with 'a' in it).
ADO.NET[^] (it's in English...hopefully your English is good enough to get through it...otherwise, find a book in French on ADO.NET)
|
|
|
|
|
Hi,
I tried like this but still not working:
using System;
using System.Linq;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlServerCe;
namespace ModeDifféré
{
public partial class Connexion : Form
{
public Connexion()
{
InitializeComponent();
}
private void Connexion_load(object sender, EventArgs e)
{
createconnexion();
}
private void createconnexion()
{
}
private void button1_Click(object sender, EventArgs e)
{
string chcon = null;
SqlCeCommand command;
SqlCeDataAdapter adapter = new SqlCeDataAdapter();
adapter.TableMappings.Add("Table", "Connexion");
DataSet ds = new DataSet();
string sql = null;
string login,MotPass;
sql = "Select login from Connexion where login=@login and MotPass=@MotPass ";
string chcc= "BaseGmaoLocale.sdf;";
SqlCeConnection sqlceconn= new SqlCeConnection(chcc);
sqlceconn.Open();
try
{
sqlceconn.Open();
command = new SqlCeCommand(sql, sqlceconn);
adapter.SelectCommand = command;
adapter.Fill(ds, "SQL Temp Table");
adapter.Dispose();
command.Dispose();
sqlceconn.Close();
MessageBox.Show("Number of row(s) - " + ds.Tables[0].Rows.Count);
}
catch (Exception ex)
{
MessageBox.Show("Can not open connection ! ");
}
if (ds.Tables[0].Rows.Count != 0)
{
MessageBox.Show("Authentification réussie");
MenuP m = new MenuP();
m.Show();
}
else
{
MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");
}
}
}
}
4 notifications appears:
Warning 1 The variable 'chcon' is assigned but its value is never used C:\Users\Admin\Documents\Visual Studio 2008\Projects\GMAOMobile\ModeDifféré\Connexion.cs
Warning 2 The variable 'login' is declared but never used C:\Users\Admin\Documents\Visual Studio 2008\Projects\GMAOMobile\ModeDifféré\Connexion.cs
Warning 3 The variable 'MotPass' is declared but never used C:\Users\Admin\Documents\Visual Studio 2008\Projects\GMAOMobile\ModeDifféré\Connexion.cs
Warning 4 The variable 'ex' is declared but never used C:\Users\Admin\Documents\Visual Studio 2008\Projects\GMAOMobile\ModeDifféré\Connexion.cs
When running it tells me there are an error in the connexion string chcc
Can u help me
Thanks
|
|
|
|
|
You're still not understanding the basic concepts. Have a look at the example on this page: SqlCeDataAdapter Class[^]
Here are the steps you need to do...
1. Create the Connection
2. Create the command and sql string that will extract the data
3. Add the parameter values to the command
4. Create the adapter using the command
5. Fill the dataset
The errors you get are self-explanatory...you created variables that you never assign anything to or use in any way.
You also created a sql string with parameters in it, but then never filled the parameters, so you're never going to return what you want.
With your code...you would want to follow the steps:
string chcc= "Data Source = BaseGmaoLocale.sdf;";
SqlCeConnection sqlceconn= new SqlCeConnection(chcc);
SqlCeCommand command = sqlceconn.CreateCommand();
command.CommandText = "Select login from Connexion where login=@login and MotPass=@MotPass ";
string s1;
SqlCeParameter login = new SqlCeParameter("@login", SqlDbType.NVarChar);
login.value = s1;
string s2;
SqlCeParameter MotPass = new SqlCeParameter("@MotPass", SqlDbType.NVarChar);
MotPass.value = s2;
command.Parameters.Add(login);
command.Parameters.Add(MotPass);
SqlCeDataAdapter adapter = new SqlCeDataAdapter(command);
DataSet ds = new DataSet();
try
{
adapter.Fill(ds, "SQL Temp Table");
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
if ((ds.Tables.Count > 0) && (ds.Tables["SQL Temp Table"] != null))
MessageBox.Show("Number of row(s) - " + ds.Tables["SQL Temp Table"].Rows.Count);
adapter.Dispose();
sqlceconn.Dispose();
command.Dispose();
if that doesn't work, tell me what the exception message is specifically...and don't change anything that I've written...try it as is filling in the login and password information.
And you only need to put the specific line that could throw an error in the Try /Catch block. In this case, nothing should throw an error until the adapter.Fill call.
|
|
|
|
|
To be fair...you've gotten some conflicting...and some bad information.
One of which did come from me...which I explained the mistake I made (using parens instead of brackets to get at an item in an array)
You had one person telling you to use wildcards...which no programmer in their right mind would do when dealing with authentication...it's either all or nothing.
You had someone tell you to use:
string req = "SELECT * FROM Connexion WHERE Login = @login AND MotPasse = @pass";
SqlCeCommand cmd = new SqlCeCommand(req, cnx);
SqlCeParameter login = new SqlCeParameter("login", s1);
cmd.Parameters.Add(login);
SqlCeParameter pass = new SqlCeParameter("pass", s2);
cmd.Parameters.Add(pass);
which won't work because he used "@login" and "@pass" as his parameter names but then didn't include the "@" when defining the parameters which is required.
You had someone tell you to use: int count = cmd.ExecuteScalar(); . That's not always going to work, and it doesn't return a count of anything. It just returns the value in the first column of the first row. So if your first column is a string, this should throw an error.
But, he was right in saying that you could do it that way and see if it returned an object or a null value. You could say
string req = "SELECT * FROM Connexion WHERE Login = @login AND MotPasse = @pass";
SqlCeCommand cmd = new SqlCeCommand(req, cnx);
SqlCeParameter login = new SqlCeParameter("@login", s1);
cmd.Parameters.Add(login);
SqlCeParameter pass = new SqlCeParameter("@pass", s2);
cmd.Parameters.Add(pass);
object value = cmd.ExecuteScalar();
if (value != DbNull.Value)
{
MessageBox.Show("Authentification réussie");
}
|
|
|
|
|
Hi William,
You propose to me 2 solutions:
*First Solution
private void button1_Click(object sender, EventArgs e)
{
string s1 = textBox1.Text;
string s2 = textBox2.Text;
SqlCeConnection cnx = new SqlCeConnection();
string wCS = String.Format("DATA SOURCE =BaseGmaoLocale.sdf" );
cnx.ConnectionString = wCS;
string req = "SELECT * FROM Connexion WHERE Login = @login AND MotPasse = @pass";
SqlCeCommand cmd = new SqlCeCommand(req, cnx);
SqlCeParameter login = new SqlCeParameter("login", s1);
cmd.Parameters.Add(login);
SqlCeParameter pass = new SqlCeParameter("pass", s2);
cmd.Parameters.Add(pass);
object value = cmd.ExecuteScalar();
if (value != DbNull.Value)
{
MessageBox.Show("Authentification réussie");
}
else
{
MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");
}
}
}
}
This solution has an error in Dbnul
Error 1 The name 'DbNull' does not exist in the current context C:\Users\Admin\Documents\Visual Studio 2008\Projects\GMAOMobile\ModeDifféré\Connexion.cs
I added the directory using System.Runtime and the class
[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class DBNull :ISeriasable,IConvertible
{
}
but this solution doesn't work
*Second Solution:
string chcc= "Data Source = BaseGmaoLocale.sdf;";
SqlCeConnection sqlceconn= new SqlCeConnection(chcc);
SqlCeCommand command = sqlceconn.CreateCommand();
command.CommandText = "Select login from Connexion where login=@login and MotPass=@MotPass ";
string s1;
SqlCeParameter login = new SqlCeParameter("@login", SqlDbType.NVarChar);
login.value = s1;
string s2;
SqlCeParameter MotPass = new SqlCeParameter("@MotPass", SqlDbType.NVarChar);
MotPass.value = s2;
command.Parameters.Add(login);
command.Parameters.Add(MotPass);
SqlCeDataAdapter adapter = new SqlCeDataAdapter(command);
DataSet ds = new DataSet();
try
{
adapter.Fill(ds, "SQL Temp Table");
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
if ((ds.Tables.Count > 0)&&(ds.Tables["SQL Temp Table"] != null))
MessageBox.Show("Number of row(s) - " + ds.Tables["SQL Temp Table"].Rows.Count);
adapter.Dispose();
sqlceconn.Dispose();
command.Dispose();
This solution tells me that the path of my database is not found.Also,where can i add this statement to show me the message Box :
if (ds.Tables["SQL Temp Table"].Rows.Count!=0)
{
MessageBox.Show("Authentification réussie");
}
else
{
MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");
}
what can i do and what solution do i follow?
Thanks
|
|
|
|
|
You're still not getting the basics.
When you use a parameter..as in SqlCeParameter login = new SqlCeParameter("login", s1); , you have to use the name exactly as you typed it in the SQL...in this case "@login".
As far as DbNull not existing, I don't know what to tell you because it's a class within the System namespace. Make sure you've include using System; in your header. If you didn't, you can include it, or use System.DbNull . But the first code still won't work because you have the parameters wrong.
As far as the second code, you didn't provide values for s1 and s2
You need to change
string s1;
to
string s1 = textBox1.Text;
and do the same for s2. If you can't understand that concept, then this project is way beyond your skills. You have to provide a value to a variable.
And I'm just curious, but when you run the first solution, insert a breakpoint at line object value = cmd.ExecuteScalar(); . Run the code and tell me what value is.
And I'm sorry, but if you can't tell where to insert that line of code, then you need to pay someone to do this for you, because that's basic coding. If you don't understand the code that we've written, then you shouldn't be doing this.
|
|
|
|
|
Hi William,
It seems difficult for me because it is the first time I develop a Csharp smart device application.
For the second code:the problem still in the database path.Althought i follow this link,http://www.connectionstrings.com/sql-server-2005-ce[^],I change my connectionstring by: string wCS = String.Format("Data Source=C:\\Users\\Admin\\Documents\\Visual Studio 2008\\Projects\\GMAOMobile\\ModeDifféréBaseGmaoLocal.sdf;Persist Security Info=False;");it still the same sql exception
For the first code,the same exception of the database appears.
Thank u if u help me more
|
|
|
|
|
Hi,
Thank u a lot,I found the solution finally.This is the code
private void button1_Click(object sender, EventArgs e)
{
string wCS = @"Data Source =\Storage Card\ModeDifféré\BaseGmaoLocale.sdf;";
SqlCeConnection sqlceconn = new SqlCeConnection(wCS);
SqlCeCommand command = sqlceconn.CreateCommand();
command.CommandText = "Select login from Connexion where Login=@Login and MotPasse=@MotPasse ";
string s1=textBox1.Text;
SqlCeParameter Login = new SqlCeParameter("@Login", SqlDbType.NVarChar);
Login.Value = s1;
string s2=textBox2.Text;
SqlCeParameter MotPasse = new SqlCeParameter("@MotPasse", SqlDbType.NVarChar);
MotPasse.Value = s2;
command.Parameters.Add(Login);
command.Parameters.Add(MotPasse);
SqlCeDataAdapter adapter = new SqlCeDataAdapter(command);
DataSet ds = new DataSet();
try
{
adapter.Fill(ds, "SQL Temp Table");
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
if ((ds.Tables.Count > 0) && (ds.Tables["SQL Temp Table"] != null))
{MessageBox.Show("Number of row(s) - " + ds.Tables["SQL Temp Table"].Rows.Count);
if(ds.Tables["SQL Temp Table"].Rows.Count>0)
{ MessageBox.Show("Authentification réussie");
MenuP m = new MenuP();
m.Show();}
else MessageBox.Show("Login ou mot de passe incorrect veuillez réessayer");}
adapter.Dispose();
sqlceconn.Dispose();
command.Dispose();
}
Thanks a lot for all u contribution
|
|
|
|
|
Hello,
I have assembly attributes like this:
[assembly: InternalsVisibleTo("UI Test")]
[assembly: AssemblyCopyright("Copyright © 2009")]
in my AssemblyInfo.cs file. But, now, I want to set the values programmatically from my code. Is it possible ? If so, can you please give me a snippet to do that ?
|
|
|
|
|
Not for the executing assembly, once the assemblies compiled these attributes are 'baked' in. However, you may be able to do it for a dynamically generated assembly using the Reflection Emit functionality.
|
|
|
|
|
I dont get, why would you like to do this runtime???
With great code, comes great complexity, so keep it simple stupid...
|
|
|
|
|
Hi Paw, thanks for reply.
Ok, I have the assembly attribute
[assembly: InternalsVisibleTo("UI Test")]
And I want it applicable only when I do debugging and testing. I dont want to make internals visible to some assembly in my production build. Now, Yes, I can comment this line everytime I make a RELEASE build and comment out when I do debugging, but it is not easy to maintain. Many times I can forget to comment this line and ship the release build with this attribute. Now, if I know how I can do it programmatically, then, I will use
#if (DEBUG)
...
[assembly: InternalsVisibleTo("UI Test")]
#end if
So, I dont have to remember to comment this line.
Thats why I need the snippet for doing so. Can you give me any idea for doing this task in some other way ?
Thanks again.
|
|
|
|
|
Does # if DEBUG not work for that?
Maybe have two versions of AssemblyInfo.cs?
|
|
|
|
|
Owee... yes, it is working. I could not think that it will work, I thought I cannot write any C# code in AssemblyInfo.cs file. So, I did not dare to try. Now it see it works thanks.
|
|
|
|
|
There isn't anything special about AssemblyInfo.cs
The file extension is .cs which stands for C-sharp.
and you can move all of its content to another C# file, e.g. Program.cs
|
|
|
|
|
|
yeah, however that ruins the nice little About Box Visual Studio is keen to provide.
|
|
|
|
|
I've tried that, but I prefer a simple MessageBox.
|
|
|
|
|