'Incorrect syntax near 'maha986javed'.'

-1

I am making a login panel in winform C#. here when I try to check for the password and username that if they are in database or not, then I have a error:

If I enter nothing then it display wrong info message correctly.

but when i write password whether right or wrong it gives this error

System.Data.SqlClient.SqlException
  HResult=0x80131904
  Message=Incorrect syntax near 'maha986javed'


SqlConnection con = new SqlConnection("Data Source=DESKTOP-7VO9EU6; Initial Catalog=Registration; Integrated Security=True;");
SqlCommand cmd;

private void loginbutton_Click(object sender, EventArgs e)
        {
            con.Open();
            cmd = new SqlCommand("Select * from UserInfo where Username="+textname.Text+"'And Password ='"+textpassword.Text+"''" ,con);
            SqlDataReader reader = cmd.ExecuteReader();
            if (reader.HasRows)
            {
                while (reader.Read())
                {
                    infotext.Text = reader["Email"].ToString();
                }
            }
            else
            {
                MessageBox.Show("Wrong info");
            }
            reader.Close();
            cmd.ExecuteNonQuery();

        }
c#
sql
sql-server
winforms
asked on Stack Overflow Aug 28, 2020 by Little Star

1 Answer

-1

Your SELECT statement is wrong. Try this:

cmd = new SqlCommand("
    SELECT *
    FROM UserInfo
    WHERE Username = '"+textname.Text+"'
        AND Password = '" + textpassword.Text + "' ", con);
answered on Stack Overflow Aug 28, 2020 by Ary Rodny • edited Aug 28, 2020 by xKobalt

User contributions licensed under CC BY-SA 3.0