MySqlDataReader doesnt read

Question

So, I'm making a small application for my company, letting users login and access specific data, however, on the server side, which queries the database, the MySqlDataReader doesnt read, as I pointed out in the following code:

public string HandleLogin(string uname, string pwd)
    {
        MySqlDataReader READER;
        int count = 0;
        int clearance = 0;
        if (uname == "" || pwd == "")
            return "";
        CONN = new MySqlConnection();
        CONN.ConnectionString = Config.CONNSTRING;
        string query = "select * from members where username='" + uname + "' and password='" + pwd + "'";
        try
        {
            CONN.Open();
            COMMAND = new MySqlCommand(query, CONN);
            READER = COMMAND.ExecuteReader();
            while(READER.Read())
            {
                count = count + 1; //<-- this should happen, but it doesnt
                if (count == 1)
                    clearance = READER.GetInt32("clearance");
                else
                    return "";
            }
            if (count == 1)
                return Convert.ToString(clearance);
            else
                return "";
        }
        catch(Exception ex)
        {
            Console.WriteLine(ex.Message);
            return "";
        }
        finally
        {
            CONN.Dispose();
        }
    }

I am sure it should read 1 row, asking the amount of rows it found, it said 0, but I triple checked all the values and they match the database values exactly, but it reads no rows for the query. This might be a very stupid mistake but I'm not able to find the problem.

Print and verify the sql text is correct. Look for any whitespaces inside uname / pwd variables. — Cinchoo, Sep 29 '16 at 19:01
@RajNagalingam It is correct, @ devlincarnate There is, but the password is hashed in the database and before the server receives it and @ SomeUser hmmm thanks, i will certainly look into it — Matthias Hoste, Sep 29 '16 at 19:22
Not directly related to your question, but I suggest you use parameterized sql query in your code. http://stackoverflow.com/questions/7505808/why-do-we-always-prefer-using-parameters-in-sql-statements — YuvShap, Sep 29 '16 at 19:26
Print the sql sent to server {COMMAND.CommandText } and execute it from external tool and be sure that it returns data. — M.Hassan, Sep 29 '16 at 19:39
@M.Hassan Okay I did it, in MySql Workbench it returns the row that it should return — Matthias Hoste, Sep 29 '16 at 19:42

score 0 · Accepted Answer · answered Sep 29 '16 at 20:02

So, I placed a breakpoint again and rechecked the variables, the variables are good with Console.WriteLine, but, in the query it looks like this:

"select * from members where username='matthias' and password='M20UjefsltnFCTDsCL1temvFOtBcnN8gNtGbQevVTkkG8jCXZlbxQ3ykOTx0fV4Ls2VnAzOzx2F5CTY+jEDSzg==\0\0\0\0'"

But it should be: "select * from members where username='matthias' and password='M20UjefsltnFCTDsCL1temvFOtBcnN8gNtGbQevVTkkG8jCXZlbxQ3ykOTx0fV4Ls2VnAzOzx2F5CTY+jEDSzg=='"

Because of the data encryption between client and server and the padding it adds \0\0\0\0 to the end, I should've seen this earlier, thanks to those who wanted to help me, I solved it by adding this function before the query:

pwd = pwd.Replace("\0", "");

MySqlDataReader doesnt read

1 Answers1