I am making a login panel in winform C#. here when I try to check for the password and username that if they are in database or not, then I have a error:
If I enter nothing then it display wrong info message correctly.
but when i write password whether right or wrong it gives this error
System.Data.SqlClient.SqlException
HResult=0x80131904
Message=Incorrect syntax near 'maha986javed'
SqlConnection con = new SqlConnection("Data Source=DESKTOP-7VO9EU6; Initial Catalog=Registration; Integrated Security=True;");
SqlCommand cmd;
private void loginbutton_Click(object sender, EventArgs e)
{
con.Open();
cmd = new SqlCommand("Select * from UserInfo where Username="+textname.Text+"'And Password ='"+textpassword.Text+"''" ,con);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.HasRows)
{
while (reader.Read())
{
infotext.Text = reader["Email"].ToString();
}
}
else
{
MessageBox.Show("Wrong info");
}
reader.Close();
cmd.ExecuteNonQuery();
}
Your SELECT
statement is wrong. Try this:
cmd = new SqlCommand("
SELECT *
FROM UserInfo
WHERE Username = '"+textname.Text+"'
AND Password = '" + textpassword.Text + "' ", con);
User contributions licensed under CC BY-SA 3.0