0

I'm trying to figure out how to get my user data from the user I login with. I know how to get all the data to a gridview but not how to get the specific data for the user that are logged into my program.

This is how I login if that can be to any use

SqlConnection con = new SqlConnection();
con.ConnectionString = "Data Source=(local);Initial Catalog=MyDb;Integrated Security=True";

con.Open();

string txtUs = TxtUser.Text; 
string txtPas = TxtPass.Text;

string query = "SELECT * FROM User WHERE Username=@user and Password =@pass";

SqlCommand cmd = new SqlCommand(query,con);
cmd.Parameters.Add(new SqlParameter("@user",txtUs));
cmd.Parameters.Add(new SqlParameter("@pass",txtPas));

SqlDataReader dr = cmd.ExecuteReader();

int count = 0;

while (dr.Read())
{
    count = +1;
}

if (count == 1)
{
    this.Hide();
    var main = new Main();
    main.Closed += (s, args) => this.Close();
    main.Show();
}
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Kalle
  • 21
  • 4
  • 3
    Can you please clarify your question? It is not clear what is wrong and what the question is. And don't store your passwords as a plain text. Read: http://stackoverflow.com/questions/1054022/best-way-to-store-password-in-database – Soner Gönül Feb 17 '15 at 15:23
  • Please tell us is this winforms or web forms ? – mybirthname Feb 17 '15 at 15:24
  • thanks i know but i have not fix that with the password yet. I want to get all the info about the user that are logged into my program to be shown in a window so the user can see it and also edit it. – Kalle Feb 17 '15 at 15:25
  • Assuming the information you want is in your User table, you can retrieve it easily, since the query you executed to validate the login brought back all fields (you did select * from User). So you can grab any field from the SqlDataReader you've created. I have to say as a means for logging in this looks extremely odd - and insecure as Soner Gönul points out. – Simon Woolf Feb 17 '15 at 15:27
  • yes i know i need to salting and hach the password but i'm new to programming so i haven't got that far in to it yet. this is a windowsform i'm using – Kalle Feb 17 '15 at 15:32

1 Answers1

0

First, your count = +1 should be count++. Now the count is reset on every iteration. Also, if you have an index on the user name, there is no need to check the number of rows.

Then you need to set an object or a set of variables to the values from the database, like this:

string username = null;
if (dr.Read())
{
    username = (string)dr["username"];
}

Then act accordingly. You could store these variables in a static member to keep it alive during execution of your application.

Patrick Hofman
  • 153,850
  • 22
  • 249
  • 325