0

I am a begginer at programming in C# and MySQL. I have defined an int x; in my code. I want to change the value of x to 1 or 0, whether the user has isOver18 set to 1 or 0. If anybody could drop a line of code, that would be greatly appreciated.

My snippet of code:

private void button1_Click(object sender, EventArgs e)
{
    i = 0;
    x = 0;
    con.Open();
    MySqlCommand cmd = con.CreateCommand();
    cmd.CommandType = CommandType.Text;
    cmd.CommandText = "SELECT * FROM users WHERE username ='"+TextBox1.Text+"' and password='"+TextBox2.Text+"'";
    cmd.ExecuteNonQuery();
    
    DataTable datbs = new DataTable();
    MySqlDataAdapter da = new MySqlDataAdapter(cmd);
   
    datbs.Fill(dt);
    i = Convert.ToInt32(dt.Rows.Count.ToString());
   
    con.Close();

    if (i == 0) {
        MessageBox.Show("Invalid username or password", "Invalid data", MessageBoxButtons.OK, MessageBoxIcon.Error);       
    } else if (x == 1) {
        MessageBox.Show("The account associated with provided data is under 18.", "Information", MessageBoxButtons.OK, MessageBoxIcon.Information);
    } else {
        MessageBox.Show("Your account is over 18 and everything is as it should be.", "Successful connection", MessageBoxButtons.OK, MessageBoxIcon.Information);
    }
}
}
}
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
bro24s
  • 1
  • 1
  • please add the code that you have to your question – nbk Jul 19 '20 at 09:53
  • I have added the code. – bro24s Jul 19 '20 at 09:58
  • Partly. Could you please do something like this with my code? – bro24s Jul 19 '20 at 10:14
  • your code is vulnerable to sqö inejction so please use prepared statements with parameters like https://dev.mysql.com/doc/connector-net/en/connector-net-programming-prepared-preparing.html also please don't use plain text passwords at all – nbk Jul 19 '20 at 10:26
  • I used the article that person provided and it fixed my problem. [I am gonna fix the SQL Injection don't worry] – bro24s Jul 19 '20 at 10:29
  • also see here how you can access the row cell that is also possilbe ti get it by name https://stackoverflow.com/questions/9022118/access-cell-value-of-datatable – nbk Jul 19 '20 at 10:36

0 Answers0