[Solved] Login screen using asp.net and SQL Server

Question

This line of code:

string checkuser = "select * from tb_Login where Username="" + txtUsername.Text + "" and Password='" + txtPassword.Text + "' ";

Is sending a query to the database and asking: “Give me all the columns from tb_Login whose UserName is the value in the txtUsername box and the Password is in the txtPassword box.”

Then this line will take the value of the first column of the first row and try to convert it to an integer and if it cannot it will fail:

int temp = Convert.ToInt32(com.ExecuteScalar().ToString());

Change your query to select one column only: the column you need.

Also make sure you read this question on Stack Overflow so you can see how your code is a security threat to your own application.

Accepted Answer

This line of code:

string checkuser = "select * from tb_Login where Username="" + txtUsername.Text + "" and Password='" + txtPassword.Text + "' ";

Is sending a query to the database and asking: “Give me all the columns from tb_Login whose UserName is the value in the txtUsername box and the Password is in the txtPassword box.”

Then this line will take the value of the first column of the first row and try to convert it to an integer and if it cannot it will fail:

int temp = Convert.ToInt32(com.ExecuteScalar().ToString());

Change your query to select one column only: the column you need.

Also make sure you read this question on Stack Overflow so you can see how your code is a security threat to your own application.