2

I am trying to create an application that allows a user to log in using .sdf; there is not much on the internet about this!

Could really do with some pointers.

This is what I currently have but I believe it is a pile of mess as no matter what I type in each text box it will redirect me to Form2 (which is kinda expected). I know I need an if statement somewhere but not sure how to implement:

    private void Login_Click(object sender, EventArgs e)
    {
        using (SqlCeConnection yourConnection = new SqlCeConnection("Data Source=C:\\Users\\Username\\Documents\\Databases\\New Folder\\Login.sdf"))
        {
            string query = "SELECT * FROM tbl_employees where Username like '" + textBox1.Text + "' AND Password like '" + textBox2.Text +"'";
            SqlCeDataAdapter dA = new SqlCeDataAdapter(query, yourConnection);
            SqlCeCommandBuilder cBuilder = new SqlCeCommandBuilder(dA);

            this.Hide();
            Form2 secondForm = new Form2();
            secondForm.ShowDialog();
        }
    }
JasonMArcher
Gagan
  • For the sake of the users of your program, please make yourself familiar with password hashing and salting. Storing a password in plaintext like you seem to be doing is "not a goood idea", to say the least. A starting point may be: http://stackoverflow.com/a/401684/1336590 (does not only apply to php) – Corak Mar 24 '13 at 22:20
  • And while you're learning new stuff: read up on **parametrized queries** instead of concatenating together your SQL statements. Doing so opens you up to **SQL injection attacks** and it can easily be avoided using parametrized queries. – marc_s Mar 25 '13 at 05:41

2 Answers

1

First, a SQL Server CE database, i.e. an .sdf file, is just another storage file. It is a very, very light and portable version of SQL Server.

But, at most, your code and logic would be similar to the one for SQL Server. Just different classes, i.e. SqlCeConnection, SqlCeCommand and so on.

Now you need to verify that your connectionString is correct.

    // A regular C# string literal cannot span lines, so the value is built from two parts.
    string connectionString = "data source=physical path to .sdf file; " +
                              "password=pwdThtUSet; persist security info=True";

    using (SqlCeConnection yourConnection = new SqlCeConnection(connectionString))
    {
        // ... your logic
    }

Now, in your query to search for the row matching the username and password combination, don't do it with like, because you need an exact match.

So do it like:

    string query = "SELECT * FROM tbl_employees where Username ='" + textBox1.Text + "' AND Password ='" + textBox2.Text +"'";
    SqlCeDataAdapter dA = new SqlCeDataAdapter(query, yourConnection);
    DataTable dt = new DataTable();
    dA.Fill(dt);

    if (dt.Rows.Count > 0)
    {
        this.Hide();
        Form2 secondForm = new Form2();
        secondForm.ShowDialog();
    }
marc_s
Manish Mishra
  • Thanks for the help! I have managed to get the code to work and I am able to log in using the query. I was hoping to have a condition so that if a certain username and password, say (test, test), was entered, it would redirect to a different page, say form3 instead of form2. I know this requires an if statement of some sort; would you be able to provide any assistance? And I have also been reading up on parametrized queries; how would I be able to convert the above to that? Any help would be appreciated! – Gagan Mar 25 '13 at 14:39
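
A parameterized version of the login lookup discussed above, combined with the salted password hashing raised in the comments. This is an added example, not code from any of the posters; the `PasswordSalt` and `PasswordHash` columns, the `LoginCheck` class and the PBKDF2 settings are assumptions, and the four-argument `Rfc2898DeriveBytes` constructor needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data.SqlServerCe;
using System.Security.Cryptography;

static class LoginCheck
{
    // Assumed schema (not from the page): tbl_employees stores PasswordSalt and
    // PasswordHash binary columns instead of a plaintext Password column.
    const int Iterations = 100000;   // assumed PBKDF2 work factor
    const int HashBytes = 32;        // assumed stored hash length

    public static bool IsValidLogin(string connectionString, string username, string password)
    {
        using (var con = new SqlCeConnection(connectionString))
        using (var cmd = new SqlCeCommand(
            "SELECT PasswordSalt, PasswordHash FROM tbl_employees WHERE Username = @user", con))
        {
            // User input travels as a parameter value, never as part of the SQL text.
            cmd.Parameters.AddWithValue("@user", username);
            con.Open();
            using (SqlCeDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                    return false;   // no row for this username
                var salt = (byte[])reader["PasswordSalt"];
                var stored = (byte[])reader["PasswordHash"];
                // Re-derive the hash from the typed password and the stored salt.
                using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
                    return FixedTimeEquals(kdf.GetBytes(HashBytes), stored);
            }
        }
    }

    // Compares every byte so timing does not reveal where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In `Login_Click`, the form switch would then run only when `LoginCheck.IsValidLogin(connectionString, textBox1.Text, textBox2.Text)` returns true.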
0

Try this only after the login criterion has been met:

if (usernametextbox.Text.Equals("form2username", StringComparison.InvariantCultureIgnoreCase)) {
  // code for redirection to form2
  Hide();
  con.Close();
} else {
  if (usernametextbox.Text.Equals("form3username", StringComparison.InvariantCultureIgnoreCase)) {
    // code for redirection to form3
    Hide();
    con.Close();
  }
}
Michał Młoźniak
Indra