private void button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection("Data Source=DESKTOP-O72COGQ;Initial Catalog=ClinicManagementtest;Integrated Security=True");
con.Open();
SqlCommand sc = new SqlCommand("select Name ,Password from Registartion_form WHERE Name='" + textBox1.Text + "'and Password='" + textBox2.Text + "'", con);
SqlDataAdapter da = new SqlDataAdapter(sc );
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count > 0)
MessageBox.Show("Login Success");
else
MessageBox.Show("Incorrect login");
}
}
Asked
Active
Viewed 49 times
-3
-
1what is the error you're getting? – Mridul Kashyap Jul 27 '16 at 07:12
-
3Welcome to the [Sql Injection party](http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). I hope you will not be harmed by this code – Steve Jul 27 '16 at 07:14
-
1Note this code is subject to Sql injection. Use SqlCommand with parameters instead of concatenation to avoid Sql injection. – Serg Jul 27 '16 at 07:16
-
after executing it shows error in da.fill(dt) sql expections was unhandled – Sagar S Jul 27 '16 at 07:16
-
and..? could you post that sqlException? a stack trace? – Mridul Kashyap Jul 27 '16 at 07:19
-
Check your tablename, & name , password cannot be empty – andy Jul 27 '16 at 07:19
-
no they are not empty – Sagar S Jul 27 '16 at 07:24
-
The exception message contains also an InnerException with the details of the error. This is the part of your exception that we need to know to be able to help. – Steve Jul 27 '16 at 07:29
-
what should i do ??got confused – Sagar S Jul 27 '16 at 07:31
-
@SagarS copy and paste the exception here. – Mridul Kashyap Jul 27 '16 at 08:30
-
http://i.stack.imgur.com/UcvJn.png @MridulKashyap – Sagar S Jul 27 '16 at 08:33
1 Answers
0
it says invalid object name. meaning the table you're trying to use in your sql query is not accessible by your code. can you make sure the table Registartion_form exists in the database you're connecting to?
also note, that you have written Registartion not Registration. notice the typing error "ar" instead of "ra"?
maybe that could be the cause of error. if in your sql server it's Registration and not Registartion.
Mridul Kashyap
- 704
- 1
- 5
- 12