-2

I'm working on my app and I wanted to add a login system. When I input username and password into textboxes and press the button, the app closes. It's not even crashing (at least I would get an error list), it just closes the same way as if I clicked the close button.

I tried things from this post, but it didn't work at all.

Here is my code to connect to database and get username and password:

   public partial class MainWindow : Window
    {
        public MainWindow()
        {
            InitializeComponent();                  
        }

        MySqlConnection connection = new MySqlConnection("SERVER=localhost;DATABASE=userdata;UID=root;PASSWORD=root");    

        private void Button_Click_1(object sender, RoutedEventArgs e)
        {
            MySqlCommand command = new MySqlCommand(
                "Select userLogin, userPassword FROM users.userdata WHERE userLogin = '" + loginIn.Text +
                "' AND userPassword = '" + passwordIn.Password + "'", connection);
            connection.Open();
            DataTable table = new DataTable();
            table.Load(command.ExecuteReader());
        }
    }

Is my code wrong or it is some mysql issue because I'm confused.

StackLloyd
  • 409
  • 2
  • 9
litseba
  • 7
  • 4
  • It's closing because it crashed. Read about `try` and `catch` and see what the exception is. https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/keywords/try-catch – TyCobb May 23 '19 at 15:47
  • That's how SQL injection attacks happen. Google for `Bobby Tables`. Imagine what would happen if someone enterd `' OR 1=1--` as a password. Or `' 1=1; drop table users.userdata --` – Panagiotis Kanavos May 23 '19 at 15:47
  • Not to mention saving passwords in plain text. – Chris White May 23 '19 at 15:48
  • You don't even need that type of credentials table in WPF. All Windows applications run under the logged-in user's account. You *already* know who the user is. Adding extra usernames and passwords doesn't increase security. In this case, since the passwords are unencrypted, it weakens the system considerably even if there's no SQL injection attack – Panagiotis Kanavos May 23 '19 at 15:50
  • As for why this code crashes, it could be because either the username or password contained characters that resulted in an invalid SQL statement. For example the name `O'Reilly` would create an invalid statement. `WHERE userLogin = 'O'Reilly ...`. At the very least use parameterized queries instead of string concatenation – Panagiotis Kanavos May 23 '19 at 15:51
  • Well thanks for all advices but I need a solution to that problem which is why my app is crashing after pressing login button. I have only one record in DB which login is 'sebalit' and password '1234' so there is no way that one of them is making sql statemant invalid. Can I somehow check am I connected to my server? Maybe it is MySQLConnection problem – litseba May 23 '19 at 16:09
  • As suggested, try enclosing the code into a full try-catch, catching and declaring the exception as in `catch (Exception ex)`, place a debug point at the beginning of the method, run the app and follow it step by step. If an exception is raised, analyze the `ex` variable to understand the cause, then please report back to us what came out if it. – StackLloyd May 23 '19 at 16:17

1 Answers1

0

After surrounding with try-catch I found out the cause of the error which was wrong database name.. Rookie's mistake it happens

litseba
  • 7
  • 4