Start as you mean to continue:

// Placeholders keep the user-supplied values out of the SQL text.
string query = "SELECT * FROM [User] WHERE username = @Username AND " +
               "hashedpassword = @HashedPass";
SqlCommand myCommand = new SqlCommand(query, conn);
// Values are bound as parameters and sent to the server as data.
myCommand.Parameters.AddWithValue("@Username", username);
myCommand.Parameters.AddWithValue("@HashedPass", hashedPassword);
read = myCommand.ExecuteReader();

Then if the count of rows is 1, you have a valid login, else you don't.

On Tue, Oct 12, 2010 at 12:52 PM, james <[email protected]> wrote:

> Hi,
>
> I'm currently working on a log in page for a Windows app.
>
> All I want to do at this stage is check the entered username and
> password against the values held in the database.
>
> currently I have
>
>  SqlDataReader read = null;
>
> string query = "SELECT * FROM [User] WHERE username = " + enteredUser;
> SqlCommand myCommand = new SqlCommand(query, conn);
> read = myCommand.ExecuteReader();
>
> //and just to check the values
>
> if((string)read["pass"]==txtPass.Text)
>                {
>                    MessageBox.Show("worked");
>                }
>
> Does this look like it should be working? It's not bringing back any
> values when I enter details I know exist in the database.
>
> thanks
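
The check described in the reply at the top of this message, written out as a complete method. This is an added example, not code from the original thread; the class and method names, the connection-string argument and the NVarChar(256) column types are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginCheck
{
    // Returns true only when exactly one row matches both values.
    // hashedPassword is assumed to be computed by the caller, as in the reply.
    public static bool IsValidLogin(string connectionString,
                                    string username,
                                    string hashedPassword)
    {
        // A null parameter value would not be sent to the server at all.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(hashedPassword))
            return false;

        // Placeholders only: no user input is concatenated into the SQL text.
        const string query =
            "SELECT username FROM [User] " +
            "WHERE username = @Username AND hashedpassword = @HashedPass";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
            // Explicit types and sizes (assumed column definitions) avoid the
            // type inference that AddWithValue performs.
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 256).Value = username;
            cmd.Parameters.Add("@HashedPass", SqlDbType.NVarChar, 256).Value = hashedPassword;

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // The reader starts before the first row; Read() must return
                // true before any column can be accessed.
                int rows = 0;
                while (reader.Read())
                    rows++;

                // Zero rows: no match. More than one: duplicate accounts,
                // which is also treated as a failed login.
                return rows == 1;
            }
        }
    }
}
```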
