hi,
i need to get the column values from the table login.it contais two columns ,userid and password. i want to check the userid and password values when the user logged in.so i have to compare the entered textbox value with the saved value. i am using the code is shown below.

rdr=cmd.executereader();
while(rdr.read())
{
if(txtbox1.text==rdr[0])
if(txtbox2.text==rdr[0])
msg(" successfully loggedin");
}

i am using the asp.net(C#.net )with sql server..
so can u tell me the solution for that.

Why dont you include the parameters in the select statement something like

string st = "select user, pass from loggin where user = '"+txtbox1.text+"' and pass = '"+txtbox2.text+"'";
//Then pass that select to the command object
rdr=cmd.executereader();
if(rdr.HasRows)
{
   msg(" successfully loggedin");
}

Take care.

hi,
thank you very much. ur code is working.. but i need to compare the userid and password with the saved user id and password in the database. when the both are matched then we will give the msg box as" successfully loggedin" . so can u send the code for it.

You do not want to bring the password back in a select statement for security reasons. Do what jbisono suggested and send the data to the database. If you try to select the user "Where username = @username and password = @password" then it will return 0 rows since the password did not match, thus the login failed. If you have a row then the login was OK.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.