
(Very new to coding - I am a beginner, sorry if this doesn't make sense.) I'm trying to make a login page for my client booking system. I'm having an issue where any username/password combination is accepted. One thing I do know is that I need to implement SQL parameters (to prevent injection), but I'm not sure how. Here is my code attached. I want the outcome of this code to be that when the login button is pressed, the program checks the inputs against a database and then allows a login to the main menu, or a message box appears telling the user to try again.

private void LogInButton_Click(object sender, EventArgs e)
{
    SqlConnection sqlcon = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\user\Documents\LoginDB.mdf;Integrated Security=True;Connect Timeout=30");
    sqlcon.Open();            
    SqlDataAdapter sda = new SqlDataAdapter("Select count(*) from Login Where username ='" + username.Text.Trim() + "' and password ='" + password.Text.Trim() + "'", sqlcon);
    DataTable dt = new DataTable();
    sda.Fill(dt);
    sqlcon.Close();
    if (dt.Rows.Count == 1)
    {
        frmMainMenu objFrmMainMenu = new frmMainMenu();
        this.Hide();
        objFrmMainMenu.Show();

    }
    else
    {
        MessageBox.Show("Invalid User Credentials. Try again !");
    }

}

And here is the table info and set up

[table columns][table data]1

table datum

Any advice is appreciated - please let me know if more information is needed.

  • Possible duplicate of How do I re-write a SQL query as a parameterized query? Commented May 1, 2018 at 13:46
  • Are you just trying to replace username and Password with SQL Command Parameters? Commented May 1, 2018 at 13:47
  • Passwords won't be stored as plain text later on, I've just started the project, and will try to work on that later. Commented May 1, 2018 at 15:02
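
The login check from the question rewritten with `SqlCommand` parameters, as an added example that is not part of the original post or its comments. The class name `frmLogin`, the helper `CredentialsMatch` and the `NVarChar(50)` column sizes are assumptions; the example also reads the value of `COUNT(*)` rather than the number of rows, because a `COUNT(*)` query returns exactly one row whether or not anything matched.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

public partial class frmLogin : Form   // class name is an assumption
{
    // Connection string copied from the question.
    private const string ConnStr =
        @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\user\Documents\LoginDB.mdf;Integrated Security=True;Connect Timeout=30";

    // Hypothetical helper: true only when exactly one row matches both values.
    private static bool CredentialsMatch(string user, string pass)
    {
        const string sql =
            "SELECT COUNT(*) FROM Login WHERE username = @username AND password = @password";

        using (var con = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Values travel as typed parameters and never become part of the SQL text.
            // NVarChar(50) is an assumed column type and size; match it to the table.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = user;
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = pass;

            con.Open();
            // COUNT(*) always yields one row, so check its value, not the row count.
            int matches = (int)cmd.ExecuteScalar();
            return matches == 1;
        }
    }

    private void LogInButton_Click(object sender, EventArgs e)
    {
        if (CredentialsMatch(username.Text.Trim(), password.Text.Trim()))
        {
            var objFrmMainMenu = new frmMainMenu();
            this.Hide();
            objFrmMainMenu.Show();
        }
        else
        {
            MessageBox.Show("Invalid User Credentials. Try again !");
        }
    }
}
```

The `using` blocks close the connection even when the query throws, which the explicit `Open()`/`Close()` pair in the question does not guarantee.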
