
I've got a basic database in C# which is created dynamically in a separate class. I am able to populate the database, but I'm not so sure how to read the data from it to allow authentication.

The database is on Microsoft Access.

I've tried using a SQL data adapter (maybe this is wrong), and I think I need to make it so the SQL executed is a query (currently, the `command.ExecuteNonQuery();` is in action).

    private void btn_login_Click(object sender, EventArgs e)
    {
        string Username = txt_loginusername.Text;
        string UserPassword = txt_loginpassword.Text;

        string _SqlString = "SELECT * FROM Users WHERE Username='" + Username + "' AND UserPassword='" + UserPassword + "'";

        SqlDataAdapter sd = new SqlDataAdapter(_SqlString, Database.CONNECTION_STRING);

        DataTable dt = new DataTable();
        sd.Fill(dt);

        if (dt.Rows.Count == 1)
        {
            FrmMain FrmMain = new FrmMain();
            this.Hide();
            FrmMain.Show();
        }
        else
        {
            MessageBox.Show("Error");
        }
    }

Xeocas
  • There are many SQL data adapters out there, for different databases, but you are using `SqlDataAdapter` and that is the SQL Server data adapter. You should do an OleDB data adapter. You know, Microsoft's big ego, they called SQL Server related classes with the prefix "Sql". Yeah, you have tons of SQL databases, but they called their main SQL product "Sql" in their API – Cleptus Dec 03 '21 at 10:19
  • BTW, do not code SQL statements doing string concatenation, you are getting into a security vulnerability called SQL Injection, you should check into "Parametrized queries". Check [Bobby tables](https://bobby-tables.com/) example. – Cleptus Dec 03 '21 at 10:22
  • @Cleptus Thanks so much!! I have it working now!! I'll take a look into Parametrized queries too! – Xeocas Dec 03 '21 at 10:39
  • If you're learning, install SQLServer Express and get into a good tutorial on Entity Framework Core; it'll be a better spend of time (from a current skills/modern database access methods/commercializing your talents/getting a job perspective) I think than learning Access and button click handlers full of SQL strings. If you want to polish your SQL skills, do it in SSMS connected to your SQLExpress – Caius Jard Dec 03 '21 at 10:55
  • @Xeocas In the official .net API reference the [OleDbDataAdapter](https://learn.microsoft.com/en-us/dotnet/api/system.data.oledb.oledbdataadapter?view=netframework-4.7.2) does use parameters in their code sample. You may find that page useful to look for documentation/examples. Do note that Access does not allow "named parameters", so the order in which the parameters are added does really matter. – Cleptus Dec 03 '21 at 11:21
  • The following may be helpful: https://stackoverflow.com/questions/70040215/oledbdataadapter-fill-and-oledbdatareader-takes-3-5-minutes-to-fill/70209998#70209998 – Tu deschizi eu inchid Dec 03 '21 at 15:23
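
The two changes suggested in the comments (an OLE DB adapter instead of `SqlDataAdapter`, and positional parameters instead of string concatenation), combined in an added example that is not code from the original post or from any commenter. `LoginCheck` and `CredentialsMatch` are hypothetical names and the parameter length of 255 is an assumption; the `Users`, `Username` and `UserPassword` names come from the question.

```csharp
using System.Data;
using System.Data.OleDb;

static class LoginCheck   // hypothetical helper, not from the original post
{
    // connectionString is assumed to be an Access (OLE DB) connection string,
    // such as the question's Database.CONNECTION_STRING.
    public static bool CredentialsMatch(string connectionString,
                                        string username, string password)
    {
        // OLE DB binds parameters by position: each '?' takes the next
        // parameter in the collection, and the parameter names are ignored.
        const string sql =
            "SELECT Username FROM Users WHERE Username = ? AND UserPassword = ?";

        using (var adapter = new OleDbDataAdapter(sql, connectionString))
        {
            // 255 is the maximum length of an Access Short Text column
            // (assumption: the real column sizes are not shown on the page).
            OleDbParameterCollection p = adapter.SelectCommand.Parameters;
            p.Add("@Username", OleDbType.VarWChar, 255).Value = username;      // first ?
            p.Add("@UserPassword", OleDbType.VarWChar, 255).Value = password;  // second ?

            // Fill opens and closes the connection itself. The text box values
            // travel as data, so a quote character typed into either field
            // cannot change the structure of the SELECT.
            var dt = new DataTable();
            adapter.Fill(dt);
            return dt.Rows.Count == 1;
        }
    }
}
```

In the click handler, `LoginCheck.CredentialsMatch(Database.CONNECTION_STRING, txt_loginusername.Text, txt_loginpassword.Text)` takes the place of the concatenated query and the `dt.Rows.Count == 1` test.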
