
I'm a beginner to C#, so help would be much appreciated. I'm attempting to code a login system, but I can only successfully log in with the first line of data (username=admin, password=admin). I can't seem to log in with other data in the database (username=bryan, password=123). This is the code.

    searchOLEDB.CommandText = "SELECT * FROM LOGIN where Username='" + LoginIDTextBox.Text + "' AND Password='" + LoginPasswordTextBox.Text + "'";
    searchOLEDB.Connection = cnnOLEDB;
    OleDbDataReader dr = searchOLEDB.ExecuteReader();
    if (dr.Read())
    {
        MessageBox.Show("Logged In");
    }
    else
    {
        MessageBox.Show("Invalid Password");
    }
    dr.Close();

ascripter
anonymous23

1 Answer

First, you should never concatenate a SQL query like you did. This will allow SQL injection. You should use parameters.

See this post for examples: using parameters inserting data into access database

P.S. I would also recommend not storing passwords in the clear in your database.

DanB
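
Added example, not part of the answer above or of the linked post: the login check from the question rewritten with an `OleDbCommand` parameter and a salted PBKDF2 hash in place of the clear-text password. The `PasswordSalt` and `PasswordHash` binary columns, the `LoginCheck` class and the iteration count are assumptions; `LOGIN` and `Username` come from the question, and the connection is assumed to be open.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Cryptography;

static class LoginCheck
{
    // Assumed schema (not from the original post): LOGIN(Username TEXT,
    // PasswordSalt BINARY, PasswordHash BINARY), no clear-text Password column.
    const int Iterations = 210000;   // assumed PBKDF2 work factor
    const int HashBytes = 32;

    // Derive the value stored at registration and recomputed at login.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    public static bool TryLogin(OleDbConnection cnn, string username, string password)
    {
        // The user name travels as a parameter value, never as SQL text.
        // OLE DB binds parameters by position, so "?" marks the slot.
        using (var cmd = new OleDbCommand(
            "SELECT PasswordSalt, PasswordHash FROM LOGIN WHERE Username = ?", cnn))
        {
            cmd.Parameters.Add("@user", OleDbType.VarWChar, 255).Value = username;
            using (OleDbDataReader dr = cmd.ExecuteReader())
            {
                if (!dr.Read())
                    return false;                      // unknown user
                byte[] salt = (byte[])dr["PasswordSalt"];
                byte[] stored = (byte[])dr["PasswordHash"];
                return FixedTimeEquals(stored, HashPassword(password, salt));
            }
        }
    }

    // Compare every byte so timing does not reveal where the hashes differ.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The password is never sent to the database at all: only the user name is bound as a parameter, and the hash comparison happens in the application.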