I would like to create a simple registration form for WINDOWS application. I am using SQLite database which can be embedded into the project as I need to create a .exe file and mail it to my friend.
Now my registration form has 2 text boxes.
textBox1 for name
textBox2 for password
I need to insert these 2 values into the table and I have written the following code.
using Finisar.SQLite;
namespace Task_Sa
public partial class Form2 : Form
{
string connectionString;
public Form2()
{
InitializeComponent();
connectionString = #"Data Source=database.db;Version=3;New=True;Compress=True;";
}
private void button1_Click(object sender, EventArgs e)
{
using (SQLiteConnection sqlite_conn = new SQLiteConnection(connectionString))
{
SQLiteCommand cmd = new SQLiteCommand();
cmd.CommandText = #"INSERT INTO TaskTable(UserName,PassWord) values(#userName,#passWord)";
cmd.Connection = sqlite_conn;
cmd.Parameters.Add(new SQLiteParameter("#userName",textBox1.Text)); -> ERROR
}
}
}
}
here I am getting the error as the parameters are not matching. 2 parameters should be of type string and dbType. Please help me to complete the code in this regard. I have copied and pasted SQLite dll file in debug folder of my project and I also have used the " using Finisar.SQLite; " name space.
Try this
cmd.CommandText = "INSERT INTO TaskTable(UserName,PassWord) values('"+ textBox1.Text +"','"+ textBox2.Text +"')";
Add a blank space before TaskTable and values:
Your version:
cmd.CommandText = #"INSERT INTO TaskTable(UserName,PassWord) values(#userName,#passWord)";
Modified version:
cmd.CommandText = #"INSERT INTO TaskTable (UserName,PassWord) values (#userName,#passWord)";
Related
Probably the worst part about using Microsoft Access and SQL is trying to connect through the OLEDB connection. The code is on the one drive and has been working without issue but this morning it has came up with this error;
"System.InvalidOperationException: 'The 'Microsoft.ACE.OLEDB.12.0' provider is not registered on the local machine.'"
Previously I was able to change the CPU from any to x86 which sometimes seemed to fix the problem but now it is not. I am running System.Data.OleDb 7.0.0 which I have not changed since starting this protect.
using System.Data.OleDb;
using System.Data;
using System;
namespace LOGIN_TAKE_FIVE
{
public partial class Form1 : Form
{
OleDbConnection connection = new OleDbConnection();
public Form1()
{
InitializeComponent();
connection.ConnectionString = (#"Provider=Microsoft.ACE.OLEDB.12.0; Data Source=C:/Users/kiera/LOGIN TAKE FIVE/bin/Debug/net6.0-windows/dbNumber2.accdb");
}
private void btnAdd_Click(object sender, EventArgs e)
{
connection.Open();
OleDbCommand cmd = new OleDbCommand();
string encryptUser = EncryptString(tbUsername.Text);
string encryptPassword = EncryptString(tbPassword.Text);
string regSQL = "INSERT INTO Users ([Username], [Password]) VALUES ('" + encryptUser + "', '" + encryptPassword + "')";
cmd = new OleDbCommand(regSQL, connection);
cmd.ExecuteNonQuery();
connection.Close();
}
this code was working in full no less than 5 days ago so I am unsure what the problem is. Any help would be greatly appreciated.
I’m very new to ASP.net and have been following a few video tutorials to build a log in page. I successfully created my registration page fine that enters details into my table within the database fine however I can't get my log in page to work =/.I’ve been at this for a few hours and am not sure if any of you can help but it's worth a shot. The IDE I am using is visual studio (latest version).
I am getting the following error (clicking the image will give a closer view, but you probably already know that):
the error changes depending on who I try to log on as for example the above error was returned when trying to log in as john, the below error was returned trying to log in as admin.
shown below is my code used behind the log in button:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button2_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn.Open();
string checkuser = "select count(*) from [Table] where [Login]'" + Loginbox.Text + "'";
SqlCommand com = new SqlCommand(checkuser, conn);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
conn.Close();
if (temp == 1)
{
conn.Open();
string CheckPasswordQuery = "select Password from [Table] where [Login]='" + Loginbox.Text + "'";
SqlCommand Passcom = new SqlCommand(CheckPasswordQuery, conn);
string password = Passcom.ExecuteScalar().ToString().Replace(" ","");
if (password == Passwordbox.Text)
{
Session["New"] = Passwordbox.Text;
Response.Write("Password is correct");
}
else
{
Response.Write("Wrong password");
}
}
else {
Response.Write("User name does not exist");
}
}
}
Shown below is the form page view, which runs perfectly fine, the error gets returned when the log in button is pressed.
Shown below is the table definition:
And shown below is the data contained within the table:
Thank you all for your time and I appreciate any input any of you have to help solve this.
You have invalid syntax in your query. Please note that while many tutorials may show you to query like this, it's very insecure. You should use parameters. However, for the sake of this answer, you forgot the equal sign:
string checkuser = "select count(*) from [Table] where [Login] = '" + Loginbox.Text + "'";
Your syntax is incorrect, but it is actually safer if you parameterize it to avoid sql injection
string checkuser = "select count(*) from [Table] where [Login] = #user";
SqlCommand com = new SqlCommand(checkuser, conn);
com.Parameters.Add("#user", Loginbox.Text);
...
I have written this simple code in c# VS 2010 to store the name and login to my local table. When i run it is shows me this massage:
"incorrect syntax near the nvarchar"
using System;
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
}
private void button1_Click(object sender, EventArgs e)
{
string name =textBox1.Text;
string login =textBox2 .Text;
string sqlquery;
SqlConnection cn = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename= C:\\Users\\Safeen\\Documents\\Visual Studio 2010\\Projects\\WindowsFormsApplication12\\WindowsFormsApplication12\\Database1.mdf;Integrated Security=True;User Instance=True");
cn.Open();
sqlquery = "INSERT INTO Table1 (user, password) VALUES ('" + name + "','" + login + "')";
try
{
SqlCommand command = new SqlCommand(sqlquery, cn);
command.Parameters.AddWithValue("#user ", textBox1.Text);
command.Parameters.AddWithValue("#password ", textBox2.Text);
command.ExecuteNonQuery();
MessageBox.Show("Table1 Added");
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
textBox1.Clear();
textBox2.Clear();
cn.Close();
}
}
You're providing multiple values for your parameters.
You're saying the db value of user = name and password = login, then ALSO passing in two parameters called #user and #password, without telling SQL which set is correct.
You definitely want to go with SqlCommand option and also set the SqlCommand.CommandType to the correct value. Assigning parameters like this is safe; dropping variables directly into the VALUES() clause (like you had in your original post) can open yourself to SQL Injection attacks.
I edited out a recommendation to use Stored Procs here. That's more of a personal preference I have, as per the little discussion in the comments; I like to separate out my database layer. Also, it means that if anything ever changes you just have to update your Stored Proc once instead of finding your query everywhere it could be in your app.
I am trying to rebuild an application that originally used sqlite to now use 'localdb'. (I want an application that can create its own database locally and at runtime without requiring a pre-installed instance of sql server or sql express on the target machine)
I want to move away from using a 'third party' library (sqlite) as experience has told me it can be a pain to get it working from scratch, and towards something supposedly more straightforward to get up and running from scratch.
Using code copied (and slightly modified) from the web I have managed to create an mdf file dynamically/programmatically, but I am puzzled by what happens if I run it more than once, even if I choose a new filename each time. Namely it seems to somehow keep the changes/additions made on each run. Below is the relevant code...
public partial class Form1 : Form
{
SqlConnection conn;
public void CreateSqlDatabase(string filename)
{
string databaseName =
System.IO.Path.GetFileNameWithoutExtension(filename);
conn = new SqlConnection(
String.Format(
#"Data Source=(LocalDB)\v11.0;Initial Catalog=master;Integrated Security=True"
));
conn.Open();
using (var command = conn.CreateCommand())
{
command.CommandText =
String.Format(
"CREATE DATABASE {0} ON PRIMARY (NAME={0}, FILENAME='{1}')"
, databaseName, filename);
command.ExecuteNonQuery();
command.CommandText =
String.Format("EXEC sp_detach_db '{0}', 'true'", databaseName);
command.ExecuteNonQuery();
}
conn.Close();
}
private void button1_Click(object sender, EventArgs e)
{
if (openFileDialog1.ShowDialog() == DialogResult.OK)
{
CreateSqlDatabase(openFileDialog1.FileName);
}
}
private void button2_Click(object sender, EventArgs e)
{
conn.Open();
SqlCommand comm = conn.CreateCommand();
comm.CommandText =
"create table mytable (id int, name nvarchar(100))";
comm.ExecuteNonQuery();
comm.CommandText =
"insert into mytable (id,name) values (10,'testing')";
comm.ExecuteNonQuery();
comm.CommandText = "select * from mytable";
SqlDataReader reader = comm.ExecuteReader();
while (reader.Read())
{
textBox1.Text +=
reader["id"].ToString() + ", " + reader["name"].ToString() + "\r\n";
}
conn.Close();
}
}
If I run the app once It runs through fine.
If I run the app a second time, and choose a different filename for the database it tells me 'mytable' already exists.
If I comment out the create table code it runs, but the select query returns multiple rows indicating multiple inserts (one for each time the app runs)
I am just seeking to understand why this happens. Do I need to delete database/table each time if I want the app to behave as if it has created the database/table from scratch on each subsequent run?
You have initial catalog 'master' in your connection string. Are you sure you haven't created the tables in the master database instead of the newly created database?
After the creation & detach of the database file, you could try and change your connection to:
SqlConnection con = new SqlConnection(#"Data Source=(LocalDB)\v11.0;Integrated Security=True;AttachDbFilename=c:\xxx\xxx\xxx.mdf");
I'm trying to create a Registration Page using Webforms that'll connect to a MySQL databse and insert the data, but it throws up an ArgumentException (even though I believe I'm following my tutorial exactly) and will not insert the data into the table.
My C# code for the Registration page is thus:
public partial class Registration : System.Web.UI.Page
{
MySql.Data.MySqlClient.MySqlConnection conn;
MySql.Data.MySqlClient.MySqlCommand cmd;
String queryStr;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void registerEventMethod(object sender, EventArgs e)
{
registerUser();
}
private void registerUser()
{
String connString =
System.Configuration.ConfigurationManager.ConnectionStrings["WebAppConnString"].ToString();
conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
conn.Open();
queryStr = "";
queryStr = "INSERT INTO seniorschema.registration (Password1, Email, FirstName, LastName, Password2, Code)" +
"VALUES('" + PasswordTextBox1.Text +"','"+ EmailTextbox.Text +"','"+ firstNameTextBox.Text+"','"+ LastNameTextBox.Text + "' ,'"+ PasswordTextBox2.Text +"', '"+ CodeTextBox.Text + "' )";
cmd = new MySql.Data.MySqlClient.MySqlCommand(queryStr, conn);
cmd.ExecuteReader();
conn.Close();
}
}
And my connection in the WebConfig file is here:
<connectionStrings>
<add name="WebAppConnString"
connectionString="server=localhost;ID=webuser;pwd=password;database=seniorschema;"
providerName="MySql.Data.MySqlClient"/>
</connectionStrings>
Any Help would be most appreciated. Thanks!
I don't know what tutorial you are reading but they should never teach to use string concatenation when building an sql command text.
However, the error you get is from the connectionstring.
You should write
String connString =ConfigurationManager.ConnectionStrings["WebAppConnString"].ConnectionString;
There is also an error in the definition of the connectionstring in the web.config ( a typo?)
It is Uid=.... not ID=....
And here how I would write the code that add the record.
using MySql.Data.MySqlClient;
....
queryStr = #"INSERT INTO seniorschema.registration
(Password1, Email, FirstName, LastName, Password2, Code)
VALUES(#pwd, #email, #first, #last, #pwd2, #code";
using(MySqlConnection conn = new MySqlConnection(connString))
using(MySqlCommand cmd = new MySqlCommand(queryStr, conn))
{
conn.Open();
cmd.Parameters.AddWithValue("#pwd",PasswordTextBox1.Text);
cmd.Parameters.AddWithValue("#email",EmailTextbox.Text );
cmd.Parameters.AddWithValue("#first",firstNameTextBox.Text);
cmd.Parameters.AddWithValue("#last",LastNameTextBox.Text );
cmd.Parameters.AddWithValue("#pwd2",PasswordTextBox2.Text );
cmd.Parameters.AddWithValue("#code",CodeTextBox.Text);
int rowAdded = cmd.ExecuteNonQuery();
}
This approach remove the string concatenation with all the complexities required to correctly code the quotes around the values, also removes any possibility of Sql Injection
Finally, but this is really an argument too broad and not immediately linked to your question.
It is a bad practice, from a security standpoint, to store passwords in clear text. If someone could get a copy of or read the registration table, he/she will be able to read the passwords of all users registered. There are proven methods that store an hash of the password to make them unreadable to onlookers