-1

need some help im completely new to the database , i have made a server and a database now im trying to connect it with my c# code so that it verifies from the database before giving access to the main form, its giving this error : System.Data.SqlClient.SqlException: 'Incorrect syntax near 'tbl_LoginInfo'.'

setting up table values1

setting up table values2

my code:

private void Login_Button_Click(object sender, EventArgs e)
    {
        SqlConnection newconnect = new SqlConnection(@"Data Source=DESKTOP-3DH5S38\HR_SERVER;Initial Catalog=BMS_PRO_DB;Integrated Security=True");
        string query = "Select * tbl_LoginInfo where Username = '" + UserName_Textbox.Text.Trim()+ "'and Password = "+Password_Textbox.Text.Trim();
        SqlDataAdapter dataAdapter = new SqlDataAdapter(query, newconnect);
        DataTable dataTable = new DataTable();
        dataAdapter.Fill(dataTable);
        if (dataTable.Rows.Count==1)
        {
            this.Hide();
            MainForm mainForm = new MainForm();
            mainForm.ShowDialog();
            this.Close();
        }

        else
        {
            MessageBox.Show("Check Username/Password !");
        }
    }
Hassaan Raza
  • 91
  • 1
  • 11
  • 5
    You forgot the 'from' in your SQL right ;-) ? – Reno Oct 08 '17 at 15:17
  • 2
    Not only, also a space before password and probably a bunch of single quotes. Morale. Do not concatenate strings to build an sql command but use a parameterized query – Steve Oct 08 '17 at 15:21
  • 2
    Not only a parameterized query could save you from simple typos but will avoid serious problems with sql injection See the famous [Bobby Tables](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work) – Steve Oct 08 '17 at 15:23
  • :( i had those single quotes but still, i was having the problem if anyone could correct and rewrite the above code in proper manner i would definietly apperiate that. – Hassaan Raza Oct 08 '17 at 15:26
  • 2
    Don't store clear text passwords. Instead, store a salted hash. – Dan Guzman Oct 08 '17 at 15:26
  • 1
    ...and please read [ask] and take the [tour] – Ňɏssa Pøngjǣrdenlarp Oct 08 '17 at 15:53
  • 1
    What changes did you make to your code? Can you update the code here so that we know what you tried? – Chetan Oct 08 '17 at 16:00
  • i edited my question, that i had tried but no luck , so i found another way that i also posted in the form of answer below. – Hassaan Raza Oct 08 '17 at 16:46

1 Answers1

0

I change my code to this now it works perfectly:

SqlConnection connection = new SqlConnection("server=DESKTOP-3DH5S38\\HR_SERVER;database=BMS_PRO_DB;Integrated Security =true");

SqlCommand sqlCommand = new SqlCommand("Select * From tbl_LoginInfo where username=@user and password=@password", connection);
connection.Open();

sqlCommand.Parameters.AddWithValue("@user", UserName_Textbox.Text);
sqlCommand.Parameters.AddWithValue("@password", Password_Textbox.Text);

SqlDataReader dataReader = sqlCommand.ExecuteReader();

if (dataReader.HasRows == true)
{
    this.Hide();

    MainForm mainForm = new MainForm();
    mainForm.ShowDialog();

    this.Close();
}
else
{
    MessageBox.Show("Check Username/Password !");
}

I still don't know what was the problem there.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Hassaan Raza
  • 91
  • 1
  • 11
  • the first big difference, that solved your original problem, is `Select * From tbl_LoginInfo` vs the previous `Select * tbl_LoginInfo` – Gian Paolo Oct 08 '17 at 17:08