The error arises from a simple typo. You have spaces added to the value passed for the Sid condition.
However your query should be rewritten in this way
string cmdText = "select Count(*) from [user] where Sid=@sid and password=@pwd";
SqlCommand cmd = new SqlCommand(cmdText, cnn)
cmd.Parameters.AddWithValue("@sid", textBox1.Text);
cmd.Parameters.AddWithValue("@pwd", textBox2.Text);
int count = Convert.ToInt32(cmd.ExecuteScalar());
if (count > 0)
MessageBox.Show("pass");
else
MessageBox.Show("fail");
This approach uses a parameterized query to avoid Sql Injection, and uses directly an SqlCommand without building the SqlDataAdapter and a DataTable. The SqlCommand.ExecuteScalar is the correct method to use when you need to retrieve simply the first column of a single row or call a scalar T-SQL function like COUNT()
As a side note, keep in mind that storing passwords in clear text in your database is a big security concern. Whoever has access to the database will be able to read the passwords of every user. The passwords should be stored as a computed hash and checked repeating the hashing algorithm on the user entered data.
2
solved please tell me why this query not working