0

I'm building a login page using C# forms for my app. So far, I have implemented how to insert a username, with a specific username and hashed password. Now in order to retrieve it, i'm using this function. Since the username value is unique, when i run my sql statement i will only receive 1 element, which is the password for this username if it is available as a string. But when i have string pass = cmd.ExecuteNonQuery(); i get an error in my code. Is there any way to solve this without having to create a datareader ?

private void btn_Login_Click(object sender, EventArgs e)
{

    try
    {
        sc.Open();

        SqlCommand cmd = new SqlCommand("SELECT Password FROM dbo.Login WHERE username=@UN", sc);
        cmd.Parameters.AddWithValue("@UN", tb_Username);
        string pass = cmd.ExecuteNonQuery();

        if (Decrypt(pass) == tb_Password)
        {
            Find_Resource show_now = new Find_Resource();
            show_now.Show();
            this.Hide();
        }

        else MessageBox.Show("Incorrect credentials");

        sc.Close();


    }


    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }

}
ZwoRmi
  • 1,093
  • 11
  • 30
Nassif Bousaba
  • 386
  • 1
  • 4
  • 22

3 Answers3

4

ExecuteNonQuery returns number of affected rows. It supposed to be used with INSERT, UPDATE and DELETE queries. You should use ExecuteScalar - it returns first cell of first row from query results:

string pass = (string)cmd.ExecuteScalar();

NOTE: Make sure you are wrapping your SqlCommand and SqlConnection into using blocks. That will ensure objects are disposed even in case of exception:

public string GetPassword(string username)
{
     string query = "SELECT Password FROM dbo.Login WHERE username=@UN";

     using(SqlConnection conn = new SqlConnection(connectionString))
     using(SqlCommand cmd = new SqlCommand(query))
     {
          cmd.Parameters.AddWithValue("@UN", tb_Username);
          conn.Open();
          return (string)cmd.ExecuteScalar();
     }
}

And your main method:

try
{
    if (Decrypt(GetPassword(tb_Username)) != tb_Password)
    {
        MessageBox.Show("Incorrect credentials");
        return;
    }

    Find_Resource show_now = new Find_Resource();
    show_now.Show();
    this.Hide();
}
catch (Exception ex)
{
    MessageBox.Show(ex.Message);
}
Sergey Berezovskiy
  • 232,247
  • 41
  • 429
  • 459
1

change the cmd.executereader to

string pass = string.Empty;
using (var sqlDataReader = cmd.ExecuteReader(CommandBehavior.SingleResult | CommandBehavior.CloseConnection | CommandBehavior.SingleRow))
{
     if(sqlDataReader.Read())
     {
         pass = sqlDataReader.GetString(0);
     }
}

And whenever you get an error use a try catch to capture it

so place all the code above in

try
{
 //tha code
}
catch(Exception e)
{
 MessageBox.Show(e.Message);
}

ExecuteReader

This way you can find the actual exception that is thrown.

Schuere
  • 1,579
  • 19
  • 33
0

ExecuteNonQuery. You can use the ExecuteNonQuery to perform catalog operations (for example, querying the structure of a database or creating database objects such as tables), or to change the data in a database without using a DataSet by executing UPDATE, INSERT, or DELETE statements.

Check this What is the difference between ExecuteScalar, ExecuteReader and ExecuteNonQuery?

Community
  • 1
  • 1