Question

I want to build a login system in C# using a SQL data reader. Like Facebook, a user can log in to their account by using Email or UserID and Password. I wrote this code but it is not working. What is my problem, or what can you recommend?

sql = "select * from Users_tbl WHERE (([Email] = @EmailParam) OR ([UserID] = @UserIDParam) AND ([Password] = @PasswordParam))";

SqlCommand cmd = new SqlCommand(sql, con);

// The same text box supplies both the e-mail and the user ID parameter.
SqlParameter uemail = new SqlParameter("@EmailParam", SqlDbType.NVarChar, 80);
uemail.Value = txtEmailUserID.Text.Trim().ToString();
cmd.Parameters.Add(uemail);

SqlParameter userid = new SqlParameter("@UserIDParam", SqlDbType.NVarChar, 50);
userid.Value = txtEmailUserID.Text.Trim().ToString();
cmd.Parameters.Add(userid);

SqlParameter upass = new SqlParameter("@PasswordParam", SqlDbType.NVarChar, 80);
upass.Value = txtPassword.Text.Trim().ToString();
cmd.Parameters.Add(upass);

SqlDataReader dr = cmd.ExecuteReader();

// Each returned row is treated as a successful login.
while (dr.Read())
{
    // session variables
}

Solution 2

Try adding an extra bracket like this

var sql = "select * from Users_tbl WHERE ((([Email] = @EmailParam) OR ([UserID] = @UserIDParam)) AND ([Password] = @PasswordParam))";
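
The effect of the grouping in the answer above, as an added example that is not part of the original post: it runs the question's WHERE clause and the answer's against SQLite, which stands in for SQL Server here (AND binds tighter than OR in both). The sample rows, the single `:login` parameter and the `make_db` and `login` helpers are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data; table and column names follow the question.
# Passwords are plaintext only because the question's query compares them that way.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users_tbl (UserID TEXT, Email TEXT, Password TEXT)")
    con.executemany(
        "INSERT INTO Users_tbl VALUES (?, ?, ?)",
        [("alice", "alice@example.com", "correct-horse"),
         ("bob", "bob@example.com", "hunter2")],
    )
    return con

# WHERE clause as posted in the question: AND binds tighter than OR, so this
# parses as  Email = :login OR (UserID = :login AND Password = :password).
QUESTION_SQL = (
    "SELECT UserID FROM Users_tbl WHERE ((Email = :login) "
    "OR (UserID = :login) AND (Password = :password))"
)

# Grouping from the answer: (Email OR UserID) AND Password.
ANSWER_SQL = (
    "SELECT UserID FROM Users_tbl WHERE (((Email = :login) "
    "OR (UserID = :login)) AND (Password = :password))"
)

def login(con, sql, login_name, password):
    """Return the list of UserIDs the query accepts for these credentials."""
    rows = con.execute(sql, {"login": login_name.strip(), "password": password})
    return [r[0] for r in rows]

if __name__ == "__main__":
    con = make_db()
    attempts = [("alice@example.com", "wrong"), ("alice", "wrong"),
                ("alice@example.com", "correct-horse"), ("alice", "correct-horse")]
    for name, pw in attempts:
        print(f"{name!r:22} {pw!r:16} "
              f"question={login(con, QUESTION_SQL, name, pw)} "
              f"answer={login(con, ANSWER_SQL, name, pw)}")
```

With the question's grouping, a matching e-mail address returns the row whatever password is supplied; with the answer's grouping, the password must match in both the e-mail and the user ID case.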

Other tips

This seems too simple. Try to experiment. Select the database. List the tables. Create the same type of query with the same input parameters using SQL management studio or LINQ-to-EF. At some point the problem will surface. Good luck.

I also looked at the operator precedence which does not appear to be the problem: http://technet.microsoft.com/en-us/library/ms190276.aspx

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow