Try adding an extra bracket like this
var sql = "select * from Users_tbl WHERE ((([Email] = @EmailParam) OR ([UserID] = @UserIDParam)]) AND ([Password] = @PasswordParam))";
문제
I want to build login system in C# and using sql Data reader, like Facebook, user can login to its account by using Email or UserID and Password. I wrote this code but does not working what is my problem or can you recommending.
sql = "select * from Users_tbl WHERE (([Email] = @EmailParam) OR ([UserID] = @UserIDParam) AND ([Password] = @PasswordParam))";
SqlCommand cmd = new SqlCommand(sql, con);
SqlParameter uemail = new SqlParameter("@EmailParam", SqlDbType.NVarChar, 80);
uemail.Value = txtEmailUserID.Text.Trim().ToString();
cmd.Parameters.Add(uemail);
SqlParameter userid = new SqlParameter("@UserIDParam", SqlDbType.NVarChar, 50);
userid.Value = txtEmailUserID.Text.Trim().ToString();
cmd.Parameters.Add(userid);
SqlParameter upass = new SqlParameter("@PasswordParam", SqlDbType.NVarChar, 80);
upass.Value = txtPassword.Text.Trim().ToString();
cmd.Parameters.Add(upass);
SqlDataReader dr = cmd.ExecuteReader();
while(dr.read())
{
// session variables
}
해결책 2
Try adding an extra bracket like this
var sql = "select * from Users_tbl WHERE ((([Email] = @EmailParam) OR ([UserID] = @UserIDParam)]) AND ([Password] = @PasswordParam))";
다른 팁
This seems too simple. Try to experiment. Select the database. List the tables. Create the same type of query with the same input parameters using SQL management studio or LINQ-to-EF. At some point the problem will surface. Good luck.
I also looked at the operator precedence which does not appear to be the problem: http://technet.microsoft.com/en-us/library/ms190276.aspx