There are many problems in your code. Of course the compiler stops you at compile time, but then you will get other errors at runtime
So fixing the compile time problem is easy. Just write a retrun value if you don’t have any rows returned by your query:
// This returns true if you have rows, false if not
return (dt.Rows.Count > 0);
Now the problems that you will face at runtime are the following
- The equal operator in SQL is = not ==
- The multiple WHERE conditions should be joined by a logical operator
(AND, OR) - The sql text should be parameterized
.
public bool loginpro(string loginas, string dept, string usnm, string pass)
{
try
{
string qrstr;
qrstr = @"select * from login where loginas=@login and dept = @dept
and usnm = @user and pass= @pass";
Gencon.Open();
SqlCommand cmd = new SqlCommand(qrstr, Gencon);
cmd.Parameters.Add("@login", SqlDbType.NVarChar).Value = loginas;
cmd.Parameters.Add("@dept", SqlDbType.NVarChar).Value = dept;
cmd.Parameters.Add("@user", SqlDbType.NVarChar).Value = usnm;
cmd.Parameters.Add("@pass", SqlDbType.NVarChar).Value = pass;
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
Gencon.Close();
return (dt.Rows.Count > 0);
}
catch (Exception e)
{
Gencon.Close();
return false;
}
}
There are other problems like not using the using statement and trying to pass a clear text password to your database engine that could cause memory leaks and security problems.
solved Getting Error: Not all code paths a value