1

I'm trying to construct a log in using the SqlServer which I'm not so familiar with. I don't ask for a very precise answer but more of a point in a general direction where the error may be. Should I learn more about the SqlServer to solve this problem or is the error somewhere else?

namespace Log_in
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void btnLogIn_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Joel\Documents\Data.mdf;Integrated Security=True;Connect Timeout=30");
            SqlDataAdapter sda = new SqlDataAdapter("SELECT COUNT(*) FROM Login WHERE Username='" + tbxLogIn.Text + "'AND Password ='"+tbxPassword.Text+"'", con);
            DataTable dt = new DataTable();
            sda.Fill(dt);
            if (dt.Rows[0][0].ToString() == "1")
            {
                this.Hide();
                Main ss = new Main();
                ss.Show();
            }
            else
            {
                MessageBox.Show("Incorrect log in details.");
            }
        }

        private void btnExit_Click(object sender, EventArgs e)
        {
            this.Close();
        }
    }
}
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
J.Palm
  • 11
  • 1
  • 2
    You should *definitely* learn more about working with SQL. For one thing, parameterized queries are king. Your query as it stands it vulnerable to SQL injection attacks. Check out https://xkcd.com/327/ for the horrors. – itsme86 Mar 21 '18 at 23:06
  • 2
    For your immediate error problem, it looks like you don't have a table called Login in your database. – itsme86 Mar 21 '18 at 23:07
  • I fixed the first problem by changing Login to Table but now a second one appears: System.Data.SqlClient.SqlException: 'Incorrect syntax near the keyword 'Table'.' – J.Palm Mar 22 '18 at 11:10

1 Answers1

1
  1. That error means it's not seeing Login. Either the table isn't there or you need to access it via schema.
  2. This code is vulnerable to SQL Injection attacks. Please learn about parameterized queries or use something like Entity Framework. More Info on how parameterized queries solves the problem.
McAden
  • 13,714
  • 5
  • 37
  • 63
  • I fixed the first problem by changing Login to Table but now a second one appears: System.Data.SqlClient.SqlException: 'Incorrect syntax near the keyword 'Table'.' – J.Palm Mar 22 '18 at 11:25