c# - Exception: System.InvalidOperationException Trying to validate a login information -


i trying create login form. having problems database. have created windows form consists of user name , password, , login button. think statement : 

dataadapterobject.fill(datatableobject)

has error. using visual studio profesional 2013 update 4 , sql server 2014 enterprise editon.

the code follows :

using system; using system.collections.generic; using system.componentmodel; using system.data; using system.data.sqlclient; using system.drawing; using system.linq; using system.text; using system.threading.tasks; using system.windows.forms;  namespace society_accounting_software {  public partial class loginscreen : form {     sqlconnection databaseconnect = new sqlconnection();       public loginscreen()     {         sqlconnection databaseconnect = new sqlconnection();         databaseconnect.connectionstring = "data source=gaurav-pc;initial catalog=societyaccountingdatabase;integrated security=true";         initializecomponent();      }      private void label1_click(object sender, eventargs e)     {      }      private void form1_load(object sender, eventargs e)     {           sqlconnection databaseconnect = new sqlconnection("data source=gaurav-pc;initial catalog=societyaccountingdatabase;integrated security=true");          databaseconnect.open();      }     private void textbox1_textchanged(object sender, eventargs e)     {      }      private void label2_click(object sender, eventargs e)     {      }      private void textbox1_textchanged_1(object sender, eventargs e)     {      }      private void button1_click(object sender, eventargs e)     {         string querystring = "select userid,userpassword useraccounts userid='gaurav' ,  userpassword='test123'";         sqlconnection databaseconnect = new sqlconnection();         databaseconnect.connectionstring = "data source=gaurav-pc;initial catalog=societyaccountingdatabase;integrated security=true";         databaseconnect.open();         string username = usernametextbox.text;         string password = passwordtextbox.text;         sqlcommand sqlcommandobject = new sqlcommand("select userid,userpassword useraccounts userid='"+username+"' ,  userpassword='"+password+"'");         sqldataadapter dataadapterobject = new sqldataadapter(sqlcommandobject);         datatable datatableobject = new datatable();         dataadapterobject.fill(datatableobject);            if (datatableobject.rows.count > 0)         {             messagebox.show("login sucessful");             adminconsoleform adminconsole= new adminconsoleform();             this.hide();             adminconsole.show();          }         else         {             messagebox.show("invalid login name , password please try again!");          }          databaseconnect.close();             //adminconsoleform adminconsole= new adminconsoleform();         //this.hide();         //adminconsole.show();          } } }

can 1 help?

wherever possible should using database connections so.

using(var connection = new sqlconnection(connectionstring)) {     connection.open();     //... }

at moment randomly creating connections in various methods ontop of having connection field, pretty confusing.

you should not concatenating sql , should use parameterised queries

using(var connection= new sqlconnection(connectionstring)) {     connection.open();      var sql = @"select password users userid = @userid";      var command = new sqlcommand(sql, connection);     command.parameters.add("@userid", sqldbtype.varchar);     command.parameters["@userid"].value = username;      // .... }

passwords should never stored plaintext , should not able query password 'directly'. simple method of securing passwords hash password random salt, storing salt along hash in database.

you don't need datatable should have single row returned , datareader enough in scenario.

using(var connection= new sqlconnection(connectionstring)) {     connection.open();      var sql = @"select password, salt users userid = @userid";      var command = new sqlcommand(sql, connection);     command.parameters.add("@userid", sqldbtype.varchar);     command.parameters["@userid"].value = username;      using(var reader = command.executereader())     {         if (reader.read())         {             var password = reader.getstring(0);             var salt = reader.getstring(1);              return checkpassword(password, salt, pwrdtextbox.text);         }          debug.writeline("the user {0} not exist", username);         return false;     } }

i recommend reading through article salted password hashing - doing right on codeproject.


-

Popular posts from this blog

html/hta mutiple file in audio player -

ok started coding .hta application , pretty html page .hta extension , adde mp3 player , did work <object data="test.mp3" type="audio/mp3" width="200" height="40"> <param name="src" value="test.mp3"> <param name="autostart" value="0"> </object> but it's 1 song playing again , again , plz there way add multiple files playlist believe it's should added "src" parameters not sure, i'm starting did add "," in between , , tried ";" none of them working i'm waiting answers :d i wanna know if can show me how become familiar tag see it's helpful , powerful activex, audio,video,pdf .... files i'm waiting impatiently [i don't know object, plz plz more clear] get inspired example hta_audio_player.hta <html> <head> <title>hackoo audio player playlist hackoo 2014</title> <hta:app...
Read more

debugging - Reference - What does this error mean in PHP? -

what this? this number of answers warnings, errors , notices might encounter while programming php , have no clue how fix. community wiki, invited participate in adding , maintaining list. why this? questions "headers sent" or "calling member of non-object" pop on stack overflow. root cause of questions same. answers questions typically repeat them , show op line change in his/her particular case. these answers not add value site because apply op's particular code. other users having same error can not read solution out of because localized. sad, because once understood root cause, fixing error trivial. hence, list tries explain solution in general way apply. what should here? if question has been marked duplicate of this, please find error message below , apply fix code. answers contain further links investigate in case shouldn't clear general answer alone. if want contribute, please add "favorite" error message, warning or notic...
Read more