Wednesday, March 28, 2012

query problem using sqldatareader

I'm having some trouble reading data from a query. This has to do with a previous posting here:view post 504339

I have corrected that problem but I now only get the response "wrong password" even though the right password is entered. Here is the new code for the click subrouthine. You will notice two different scenarios with one commented out. Both do not work. I created label1 to display the password and it is show correctly. What am I doing wrong?


Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
Dim test As String
SqlConnection1.Open()
SqlCommand1.Parameters.Item("@.email").Value = txtUsername.Text
Dim dr As SqlDataReader = SqlCommand1.ExecuteReader
If dr.Read() Then
test = CStr(dr("pass"))
Label1.Text = test
'If dr("pass").ToString = txtPassword.Text Then
'lblMessage.Text = "login successful"
'Else
' lblMessage.Text = "Wrong password"
'End If
If String.Compare("test", "txtPassword.text") = 0 Then
lblMessage.Text = "login successful"
Else
lblMessage.Text = "Wrong Password"
End If
Else
lblMessage.Text = "Please register"
End If
dr.Close()
SqlConnection1.Close()
End Sub
Your problem is you are mixing up literals and variables. test and txtPassword.text arevariables and as such, you need to compare just their values. By using quotes, you are comparing theirnames, which will never be equal.

If String.Compare(test, txtPassword.text) = 0 Then

That said, the way you are storing passwords in clear text is a bad idea. I would strongly consider looking at hashing the password and storing only the hash.On this page is a link to aspform.zip, and aspform.txt which contain source from an article I did in Dr. Dobb's covering this.|||Ooops. I did remove the quotes. I forgot to type that in as well and remove them. Even so...with that change, the line exactly as typed above, it still doesn't work. Same prompt everytime..."wrong password"|||Then either debug the code and do a watch on the values, or do a Response.Write() of each of the values to see what they are. If they are in fact not equal, then the first step is to track back in the code and figure out why not.

No comments:

Post a Comment