Wednesday, March 28, 2012

query problem using sqldatareader

I'm having some trouble reading data from a query. This has to do with a previous posting here:view post 504339

I have corrected that problem but I now only get the response "wrong password" even though the right password is entered. Here is the new code for the click subrouthine. You will notice two different scenarios with one commented out. Both do not work. I created label1 to display the password and it is show correctly. What am I doing wrong?


Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
 Dim test As String
 SqlConnection1.Open()
 SqlCommand1.Parameters.Item("@.email").Value = txtUsername.Text
 Dim dr As SqlDataReader = SqlCommand1.ExecuteReader
 If dr.Read() Then
 test = CStr(dr("pass"))
 Label1.Text = test
 'If dr("pass").ToString = txtPassword.Text Then
 'lblMessage.Text = "login successful"
 'Else
 ' lblMessage.Text = "Wrong password"
 'End If
 If String.Compare("test", "txtPassword.text") = 0 Then
 lblMessage.Text = "login successful"
 Else
 lblMessage.Text = "Wrong Password"
 End If
 Else
 lblMessage.Text = "Please register"
 End If
 dr.Close()
 SqlConnection1.Close()
 End Sub
Your problem is you are mixing up literals and variables. test and txtPassword.text arevariables and as such, you need to compare just their values. By using quotes, you are comparing theirnames, which will never be equal.

If String.Compare(test, txtPassword.text) = 0 Then

That said, the way you are storing passwords in clear text is a bad idea. I would strongly consider looking at hashing the password and storing only the hash.On this page is a link to aspform.zip, and aspform.txt which contain source from an article I did in Dr. Dobb's covering this.|||Ooops. I did remove the quotes. I forgot to type that in as well and remove them. Even so...with that change, the line exactly as typed above, it still doesn't work. Same prompt everytime..."wrong password"|||Then either debug the code and do a watch on the values, or do a Response.Write() of each of the values to see what they are. If they are in fact not equal, then the first step is to track back in the code and figure out why not.

Posted by disciplevbni at 7:37 AM
Labels: , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)