
I am trying to store the UserID in a global class as the user logs in to their account; however, I am getting an error.

error: 'Incorrect syntax near 'UserID'. Unclosed quotation mark after the character string '0'.'

Sign in button back-end code:

SqlDataAdapter sda = new SqlDataAdapter("SELECT * FROM tblUser WHERE Username='" + tb_LoginUsername.Text +
    "' AND Password='" + tb_LoginPassword.Text + "'UserID='" + User.UserID, sqlConnection);
/* The line above selects every row from the table and matches it against the username and password the user provided. */
DataTable dt = new DataTable();
sda.Fill(dt);
if (dt.Rows.Count > 0)
{
    User.UserID = int.Parse(dt.Rows[0]["UserID"].ToString());

    MainWindow mainWin = new MainWindow();
    mainWin.Show();
    this.Close();
}
else
{
    MessageBox.Show("Login Failed");
}

Class:

class User
{
    public static int UserID;
}
  • 1. You have an unclosed quote at the end of the query. 2. Is the id *really* a string? 3. Absolutely don't ever ever use user input to form a query string! Use parameters. Your query will break with a password that has a quote in it, and worse, your database will break if anyone does simple SQL injection. – iakobski Jan 26 '20 at 17:16
  • @iakobski It's not a string. I'm just trying to get the UserID so that I can use it afterwards. – WoterMelan Jan 26 '20 at 17:20
  • So it won't work with quotes round it then. But MOST OF ALL read my point 3 very carefully. – iakobski Jan 26 '20 at 17:21
  • @iakobski Yes, I know all about that, but that isn't important for this at all. – WoterMelan Jan 26 '20 at 17:22
  • Change line 2 to `"' AND Password='" + tb_LoginPassword.Text + "' AND UserID="+User.UserID` – iakobski Jan 26 '20 at 17:28
  • @iakobski So does that make it an integer? – WoterMelan Jan 26 '20 at 17:31
  • You told me it's not a string. – iakobski Jan 26 '20 at 17:32
  • @iakobski Well, yes, the UserID in the database is not a string, and then you said "is the ID really a string" and I said no. – WoterMelan Jan 26 '20 at 17:34
  • So if it's not a string in the database, you don't need quotes round it. If you put quotes, the query will fail. Here's a tip: assign the query you build to a variable. Put a breakpoint or print out the string to the console. Copy the string to your database query window and see if it runs. You will soon see how to fix it. – iakobski Jan 26 '20 at 17:37
  • If you would just [use parameters](https://stackoverflow.com/questions/7505808/) in your query, this problem, and many others, will not happen. – Dour High Arch Jan 26 '20 at 17:39

1 Answer
SqlDataAdapter sda = new SqlDataAdapter("SELECT * FROM tblUser WHERE Username='" + tb_LoginUsername.Text +
    "' AND Password='" + tb_LoginPassword.Text + "'", sqlConnection);
/* The line above selects every row from the table and matches it against the username and password the user provided. */
DataTable dt = new DataTable();
sda.Fill(dt);
if (dt.Rows.Count > 0)
{
    User.UserID = int.Parse(dt.Rows[0]["UserID"].ToString());

    MainWindow mainWin = new MainWindow();
    mainWin.Show();
    this.Close();
}
else
{
    MessageBox.Show("Login Failed");
}

Removed:

"'UserID='"+User.UserID
  • @CodingYoshi Well, it fixed the code, so yes, you just do. – WoterMelan Jan 26 '20 at 18:40
  • Nevermind, I just saw you have `UserName` in your query already, so `UserID` shouldn't have been there to begin with. – CodingYoshi Jan 26 '20 at 18:51
  • Here is a universal password for your application that anyone can use to log in. Enter any user name and for the password enter `universal' or 1=1 --`. Instead of `universal`, you can actually use any other word too. – CodingYoshi Jan 26 '20 at 19:01
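The parameterized form the comments ask for, as an added example that is neither the asker's nor the answerer's code. It reuses the question's table and column names (tblUser, Username, Password, UserID), its SqlConnection named sqlConnection and its static User class; the NVARCHAR(50) column sizes are an assumption.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

class User
{
    public static int UserID;
}

static class LoginQuery
{
    // Returns the matching UserID, or null when no row matches.
    public static int? FindUserId(SqlConnection sqlConnection, string username, string password)
    {
        // The SQL text contains no user data at all; only placeholders.
        const string sql =
            "SELECT UserID FROM tblUser WHERE Username = @Username AND Password = @Password";

        using (var cmd = new SqlCommand(sql, sqlConnection))
        {
            // Values travel to SQL Server separately from the statement, so a quote or
            // "' or 1=1 --" in either textbox is compared as data, never parsed as SQL.
            // Column sizes (50) are assumed; match them to the real schema.
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = username;
            cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = password;

            var sda = new SqlDataAdapter(cmd);
            var dt = new DataTable();
            sda.Fill(dt);

            if (dt.Rows.Count == 0)
                return null;

            // UserID is an integer column: no quoting, and no ToString/int.Parse round trip.
            return (int)dt.Rows[0]["UserID"];
        }
    }

    // What the sign-in button handler from the question would call; it keeps
    // the "assign the ID, open MainWindow or show Login Failed" decision in the handler.
    public static bool TrySignIn(SqlConnection sqlConnection, string username, string password)
    {
        int? id = FindUserId(sqlConnection, username, password);
        if (id == null)
            return false;
        User.UserID = id.Value;
        return true;
    }
}
```

In the handler, `TrySignIn(sqlConnection, tb_LoginUsername.Text, tb_LoginPassword.Text)` replaces the string concatenation; the rest of the button code (opening MainWindow or showing "Login Failed") is unchanged.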