0 
try
{

    OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=  C:\Users\jay.desai\Documents\Visual Studio 2008\Projects\Jahoo Sign in form!\Jahoo Sign in form!\Registration_form.mdb");
    con.Open();
    OleDbCommand cmd = new OleDbCommand("select * from Login where Username='"+txtlognUsrnm.Text+"' and Password='"+txtlognpswrd+"'", con);
    OleDbDataReader dr = cmd.ExecuteReader();
    if(dr.Read() == true)
    {
        MessageBox.Show("Login Successful");
    }
    else
    {
        MessageBox.Show("Invalid Credentials, Please Re-Enter");
    }
catch (Exception ex)
{
    MessageBox.Show(ex.ToString());
}

I have created one login form and one table in microsoft access which contains username and password fields.when i click on login button it always shows else message though the username and password is same as in table.

Improve this question
2
  • 2
    what is your question ? Commented Jun 22, 2013 at 10:40
  • Perhaps actually passing in the password in your query string? txtlognpswrd should be txtlognpswrd.Text. HOWEVER - please learn and use Parameterized queries to prevent SQL Injection attacks. Commented Jun 22, 2013 at 10:42

1 Answer 1

Reset to default
3

The word PASSWORD is a reserved keyword in access-jet. You need to encapsulate it in square brackets.

OleDbCommand cmd = new OleDbCommand("select * from Login where Username=" + 
                       "? and [Password]=?", con);

Also do not use string concatenation to build sql commands but a parameterized query

There are other problems in your code above.
First try to use the using statement to be sure that the connection and other disposable objects are correctly closed and disposed.
Second, if you need only to check the login credentials, then there is no need to get back the Whole record and you could use the ExecuteScalar method avoiding the OleDbDataReader object

string constring = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=  C:\Users\jay.desai\Documents\Visual Studio 2008\Projects\Jahoo Sign in form!\Jahoo Sign in form!\Registration_form.mdb";
string cmdText = "select Count(*) from Login where Username=? and [Password]=?"
using(OleDbConnection con = new OleDbConnection(constring))
using(OleDbCommand cmd = new OleDbCommand(cmdText, con))
{
     con.Open();
     cmd.Parameters.AddWithValue("@p1", txtlognUsrnm.Text);
     cmd.Parameters.AddWithValue("@p2", txtlognpswrd.Text);  // <- is this a variable or a textbox?
     int result = (int)cmd.ExecuteScalar()
     if(result > 0)
          MessageBox.Show("Login Successful");
     else
         MessageBox.Show("Invalid Credentials, Please Re-Enter");
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

thank u...it was my mistake i forgot to write Text after txtLognpswrd..and yeah parameterized query is also great concept...thanks again

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.