I have created a simple Username and Password login form in Visual Studio using C#, which works great. I then coded it so that whatever Username and Password was entered into the two textboxes was saved as a string... Now I want to pass those strings as parameters and store them into an SQL query... Any idea how I would go about doing this?
- Well, why don't you ask Google for something like "c# sql server parameterized query" first, then try to implement it according to the examples you'll find, and then (if you get stuck with something) post your question at SO.... – Andrey Korneyev Oct 23 '15 at 09:26
- There are probably more examples of C# SQL code on the internet than there is porn. It shouldn't be hard to find what you want with a simple search! – musefan Oct 23 '15 at 09:28
- Trust me there isn't! – Declan Tiff Oct 23 '15 at 09:34
- You'll also want to do a search on "salted hashed passwords" as well - you should not be storing passwords plain-text :) – racraman Oct 23 '15 at 09:39
- Oh no don't worry the passwords aren't going to be stored in plain text, I've created a code which applies an encryption key to the password to completely mask the original – Declan Tiff Oct 23 '15 at 09:43
- [one](https://msdn.microsoft.com/en-us/library/fksx3b4f.aspx?f=255&MSPPError=-2147217396), [two](http://www.codeproject.com/Articles/837599/Using-Csharp-to-connect-to-and-query-from-a-SQL-da), [three](http://stackoverflow.com/questions/21709305/how-to-directly-execute-sql-query-in-c-have-example-batch-file), [four](http://stackoverflow.com/questions/3735531/sql-c-best-method-for-executing-a-query), [five](http://www.dotnetperls.com/sqlparameter), [six](http://www.rhyous.com/2010/05/28/how-to-query-a-database-in-csharp/)... – musefan Oct 23 '15 at 09:45
1 Answer
I would highly recommend NOT to store passwords as plain text. Instead look into hashed password methods.
Firstly you will need to specify a connection string. This can be done in the config file as:
```xml
<connectionStrings>
    <add name="myConnectionString" connectionString="server=ServerAddress;database=myDb;uid=myUser;password=myPass;" />
</connectionStrings>
```
Now you want to read the connection string from your config file and you can do that in your C# code as:
```csharp
string connectionString = ConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;
```
I'm assuming you'll be inserting records. If you are going to update records, then you will need to change the query. For inserting records:
```csharp
string myQuery = "INSERT INTO MyTable (UserNameColumn,PasswordColumn) VALUES (@UserName, @Password)";
```
Finally to execute the query and pass our parameters we can do
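```csharp
// Namespaces needed at the top of the file:
// using System.Data;            // SqlDbType
// using System.Data.SqlClient;  // SqlConnection, SqlCommand
using (SqlConnection connection = new SqlConnection(connectionString))
{
    using (SqlCommand cmd = new SqlCommand(myQuery, connection))
    {
        // Values are bound as parameters, never concatenated into the SQL text.
        cmd.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = UserNameTextBox.Text;
        // As written this binds the textbox value as-is; the advice at the top
        // of this answer is to store a hash of the password instead.
        cmd.Parameters.Add("@Password", SqlDbType.NVarChar).Value = PasswordTextBox.Text;
        connection.Open();
        cmd.ExecuteNonQuery();
    }
}
```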
Don't forget to include the namespace `using System.Configuration;`

Izzy
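The answer's opening advice (store a hash, not the password) combined with its parameterized query, as an added example that is not part of the original answer. It assumes .NET Framework 4.7.2 or later for the `Rfc2898DeriveBytes` overload that takes a `HashAlgorithmName`; the `CredentialStore` class, the `SaltColumn` and `PasswordHashColumn` columns, the column sizes and the iteration count are hypothetical.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class CredentialStore   // hypothetical helper, not from the answer
{
    // Assumed schema: SaltColumn VARBINARY(16), PasswordHashColumn VARBINARY(32) added to MyTable.
    const int SaltBytes = 16, HashBytes = 32, Iterations = 600000;   // illustrative work factor
    static byte[] Derive(string password, byte[] salt)   // PBKDF2-HMAC-SHA256
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    public static void Register(string connectionString, string userName, string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);   // fresh salt per user
        const string sql = "INSERT INTO MyTable (UserNameColumn, SaltColumn, PasswordHashColumn) VALUES (@UserName, @Salt, @Hash)";
        using (var connection = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, connection))
        {
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 256).Value = userName;
            cmd.Parameters.Add("@Salt", SqlDbType.VarBinary, SaltBytes).Value = salt;
            cmd.Parameters.Add("@Hash", SqlDbType.VarBinary, HashBytes).Value = Derive(password, salt);
            connection.Open();
            cmd.ExecuteNonQuery();
        }
    }

    public static bool Verify(string connectionString, string userName, string password)
    {
        const string sql = "SELECT SaltColumn, PasswordHashColumn FROM MyTable WHERE UserNameColumn = @UserName";
        using (var connection = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, connection))
        {
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 256).Value = userName;
            connection.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return false;   // unknown user
                byte[] stored = (byte[])reader["PasswordHashColumn"];
                byte[] candidate = Derive(password, (byte[])reader["SaltColumn"]);
                int diff = stored.Length ^ candidate.Length;   // compare without early exit
                for (int i = 0; i < stored.Length && i < candidate.Length; i++) diff |= stored[i] ^ candidate[i];
                return diff == 0;
            }
        }
    }
}
```

`Register` would be called from the sign-up handler and `Verify` from the login handler, each passing the textbox values and the connection string read from config.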
- @musefan I started programming for the first time on Monday... when I started my new job... this is my 5th day programming. I don't think you have the right to call anyone an Idiot to be honest and I doubt anyone will listen to your answer if you just insult people. I have my full Cisco server engineer qualification... I'd like to see you wire, set up and manage a server built throughout a 40 thousand capacity stadium you "Idiot" – Declan Tiff Oct 23 '15 at 10:19
- @musefan I'd rather take longer to make this answer decent than to have a conversation with you. – Declan Tiff Oct 23 '15 at 10:55