1

i've been working with C# Application and i want to create login page for it but i face a problem with this code , it seemed to be not working 

   private void button1_Click(object sender, EventArgs e)
    {
        SqlDataReader sdr;
        string query = "select * from User where User_Name = '" + textBox1.Text + "'and User_Password = '" + this.textBox2.Text + "'";
        SqlConnection connectpassword = new SqlConnection(@"Data Source=AHMEDIBRAHIM\SQLEXPRESS;Initial Catalog=Payment;Integrated Security=True");
        connectpassword.Open();
        SqlCommand logincomand = new SqlCommand( query, connectpassword);
        logincomand.Parameters.Add(@"n", SqlDbType.Text).Value = textBox1.Text;
        logincomand.Parameters.Add(@"p", SqlDbType.Int).Value = textBox2.Text;
        sdr = logincomand.ExecuteReader();
        int i = 0; 
       while (sdr.Read()){

           i = i + 1; 

       }
       if (i == 1) { 

            MessageBox.Show("User Name and Password incroect ");


           }
       else if (i > 1)
       {
           MessageBox.Show("Duplicate username and password", "login page");
       }
       else
       {
           MessageBox.Show(" username and password incorrect", "login page");
       }

Once i rung it ! .. i get this Incorrect syntax near the keyword 'User'.

1 Answers1

1

This is likely having issues because "User" is a keyword in Sql Server. You can fix it by changing it to:

string query = "select * from [User] where User_Name = '" + textBox1.Text + "'and User_Password = '" + this.textBox2.Text + "'";
oppassum
  • 1,746
  • 13
  • 22
  • >i change it but i still get this error ` The data types text and varchar are incompatible in the equal to operator ` –  Jul 15 '15 at 18:26
  • ` The data types text and varchar are incompatible in the equal to operator ` –  Jul 15 '15 at 18:26
  • your first parameter, "n"... change the SqlDbType to SqlDbType.VarChar – oppassum Jul 15 '15 at 18:27
  • its type in DB is Text not varchar ! @oppassum –  Jul 15 '15 at 18:30
  • should i change it to varchar ? –  Jul 15 '15 at 18:30
  • It's worth a try... you know what the issue is by this point, just figure out how your data types are different – oppassum Jul 15 '15 at 18:30
  • oh, you aren't doing this correctly. those parameters aren't even being used – oppassum Jul 15 '15 at 18:31
  • i'm sorry , but it's not working ! , and i don't not how to solve it ! , can to tell me brief and i will be thankful –  Jul 15 '15 at 18:39
  • I'm sorry but you need a better understanding of what you're doing. here's another stackoverflow to help: http://stackoverflow.com/questions/7505808/using-parameters-in-sql-statements and here's the MSDN for SqlCommand https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand(v=vs.110).aspx – oppassum Jul 15 '15 at 18:48