1
try
{
        string log = "SELECT * from rfidprototype.account where username ='" + USERNAME + "' and password = '" + PASS + "';";

        MySqlCommand cmd = new MySqlCommand(log, SQLconn);
        MySqlDataReader dRead;

        dRead = cmd.ExecuteReader();

        if (DRead.Read())
        {
            MenuHere form = new MenuHere();

            form.Show();
            form.ManageTile.Enabled = false;

            SQLconn.Close();
            DRead.Close();
        }
        else
        {
            MessageBox.Show("Incorrect Username or Password!");
            DiriLogin form = new DiriLogin();
            form.ShowDialog();
        }
    }
    catch(Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
}
Soner Gönül
  • 97,193
  • 102
  • 206
  • 364
OneCodex
  • 15
  • 4
  • 1
    I cleaned up your code, but you question is still lacking enough information and context. Please add everything that can help us understand your problem. – fvu Feb 02 '16 at 12:27
  • Hi, OneCodex, and welcome to SO. In future questions, please correctly format your code before posting, and put the "questioning" part in the body, not the title. Also, pointing the line throwing the exception wouldn't hurt :) And refer to this link http://stackoverflow.com/help/how-to-ask – Eric Wu Feb 02 '16 at 12:29
  • 1
    Just swap `SQLconn.Close();` and `DRead.Close();` order. And of course read @Sonner Gonul answer – Pikoh Feb 02 '16 at 12:30
  • @fvu, beat me by 10 seconds :\ – Eric Wu Feb 02 '16 at 12:30
  • is `DRead.Read()` is same as `dRead.Read()` or it is typo?? – Jaydip Jadhav Feb 12 '16 at 14:46

1 Answers1

0

In your case, you try to close your connection while you read your reader.

Instead of using Close or Dispose methods manually, use using statement to dispose your connection, command and reader automatically.

But more important, you should always use parameterized queries. This kind of string concatenations are open for SQL Injection attacks.

And do not store your passwords as a plain text. Read: Best way to store password in database

using(var SQLconn = new MySqlConnection(conString))
using(var cmd = SQLconn.CreateCommand())
{
    // Set your CommandText property.
    using(var dRead = cmd.ExecuteReader())
    {
        // Do your stuff
    }
}

As a last thing, PASSWORD is a reserved keyword in MySQL. You might need to use it as between ` characters depending your database manager is case sensitive or not.

Community
  • 1
  • 1
Soner Gönül
  • 97,193
  • 102
  • 206
  • 364