
Pro devs, I have a problem with my code in C#.NET, and I know you can help me. The problem is in the login code: every time I enter a value that exists in the database it says "Username or password is incorrect", and when I enter a value that does not exist in the DB it again says "Username or password is incorrect". Please help me, thank you.

I have tried editing the query and removing the parentheses around the asterisk, but the output is the same.

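/// <summary>
/// Looks up the username/password pair read from the login form in
/// <c>pos_db.tbllogin</c> and shows a message box with the outcome.
/// </summary>
/// <remarks>
/// The connection is closed and disposed on every path, including the
/// failed-login path and any exception thrown by Open/ExecuteScalar.
/// </remarks>
public void checkLoginAccount()
    {
        // NOTE(review): this builds a brand-new frmMain rather than using the form
        // the user typed into, so txtUsername/txtPassword hold that new form's
        // initial text. Pass in (or otherwise reference) the visible form instance.
        frmMain frmLogin = new frmMain();

        // NOTE(security): the connection string hard-codes the database root
        // account and its password and sets SslMode=none. Prefer a dedicated
        // least-privilege account, load the secret from protected configuration,
        // and enable TLS if the server is ever not on localhost.
        con = new MySqlConnection();
        con.ConnectionString = "server=localhost;userid=root;password=alpine;port=3305;database=pos_db;pooling=false;SslMode=none";

        try
        {
            con.Open();

            // Parameters keep the user-supplied text out of the SQL string.
            // NOTE(security): matching Password=@pass in SQL means the table holds
            // plaintext passwords. Store a salted, slow hash (e.g. PBKDF2) instead,
            // fetch it by username and verify it in code.
            string qry = "SELECT COUNT(*) FROM pos_db.tbllogin WHERE BINARY Username=@user AND BINARY Password=@pass";
            using (MySqlCommand cmd = new MySqlCommand(qry, con))
            {
                cmd.Parameters.AddWithValue("@user", frmLogin.txtUsername.Text);
                cmd.Parameters.AddWithValue("@pass", frmLogin.txtPassword.Text);

                int count = Convert.ToInt32(cmd.ExecuteScalar());

                if (count != 0)
                {
                    MessageBox.Show("Welcome");
                }
                else
                {
                    // One message for both failure causes, so the dialog does not
                    // reveal whether the username exists.
                    MessageBox.Show("Either username or password is incorrect!");
                }
            }
        }
        finally
        {
            // Previously skipped by the early return on a failed login.
            con.Close();
            con.Dispose();
        }
    }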

2 Answers


You are creating a new form instance in your function:

 // Constructs a second, never-shown frmMain; it is not the form the user typed into.
 frmMain frmLogin = new frmMain();

So the username and password are always empty here:

// frmLogin here is the freshly constructed form, so both Text values are its
// initial contents (normally empty), not the credentials the user entered.
cmd.Parameters.AddWithValue("@user", frmLogin.txtUsername.Text);
cmd.Parameters.AddWithValue("@pass", frmLogin.txtPassword.Text);

You need to use the right instance of your form.

Elias N

Try reading the rows and count in the code. That should look something like this:

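// Fragment: expects an open MySqlConnection `con` and the login form `frmLogin`
// to be in scope, as in the question's method.
// NOTE(review): frmLogin must be the form instance the user actually typed
// into; reading the rows instead of COUNT(*) does not change what is bound here.
// NOTE(security): comparing Password=@pass in SQL implies plaintext passwords in
// the table; store a salted, slow hash and verify it in code instead.
string qry = "SELECT Username FROM pos_db.tbllogin WHERE BINARY Username=@user AND BINARY Password=@pass";
using (MySqlCommand cmd = new MySqlCommand(qry, con))
{
    cmd.Parameters.AddWithValue("@user", frmLogin.txtUsername.Text);
    cmd.Parameters.AddWithValue("@pass", frmLogin.txtPassword.Text);

    // The type is MySqlDataReader (capital M). Disposing the reader releases
    // the connection for further commands, on the early-return path too.
    using (MySqlDataReader reader = cmd.ExecuteReader())
    {
        // Read() returns true when at least one matching row exists.
        if (reader.Read())
        {
            MessageBox.Show("Welcome");
        }
        else
        {
            MessageBox.Show("Either username or password is incorrect!");
            return;
        }
    }
}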
umair qayyum