Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, September 2, 2013 5:03 PM
Well, I'll start of by pasting my code here:
private void button2_MouseClick(object sender, MouseEventArgs e)
{
// essensial database connection commands exist in the form
int exist = 0;
string pw = null;
try
{
con.Open();
cmd = new SqlCommand("select * from eOfficeUsers", con);
SqlDataReader r = cmd.ExecuteReader();
while (r.Read())
{
if (textBox1.Text == r["Username"].ToString()) // this does not work even if the 2nd part of the comparison does read the data from the column and I could print them on screen using a message box
{
exist = 1;
pw = r["Password"].ToString(); // (1)
}
}
con.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
if (exist == 1)
{
if ( textBox2.Text == pw) // apparently this wouldn't work too if command (1) was executed
{
button1.Visible = true;
textBox1.Visible = false;
textBox2.Visible = false;
button2.Visible = false;
button3.Visible = false;
button4.Visible = false;
Form2.Show();
}
else
{
MessageBox.Show("Wrong combination. Please insert correct username and password.");
}
textBox1.Text = "Username";
textBox2.Text = "Password";
}
else
{
MessageBox.Show("The username you entered does not exist.");
textBox1.Text = "Username";
}
}
I tried some stuff but nothing worked since this code is supposed to be ok in related topics on the internet. But, the comparison in the first if command does not work, so exist variable never changes to 1 and password data never gets read.
Only thing i observed was that type of text boxes is actually an array of strings, and if there is just one line then the text box is of type string[] with zero columns. But i don't know what to do with that. Just textBox#.Text is supposed to be a string.
Anyway. Data in the database are of type nchar. I'm using Visual Studio 2010 Express and the SQL Server that came with it.
In the meanwhile I am more than capable of inserting data in the database, so no problem with the connection as you can imagine.
Any help would be very appreciated! Thanks.
All replies (10)
Monday, September 2, 2013 6:33 PM ✅Answered
try the following code
if(textBox1.Text.ToLower().Trim()==r["UserName"].ToString().Tolower().Trim();
If working markup as answer
Monday, September 2, 2013 7:01 PM ✅Answered | 1 vote
And it did the job! So, just to be exact what worked was:
if ( textBox1.Text.ToLower().Trim() == r["Username"].ToString().ToLower().Trim() )
:)
I still don't fully get the reason why, but what the heck. :P
Thank you so much for you rapid responces guys!! Have a good night!
Monday, September 2, 2013 9:25 PM ✅Answered
Trim removes leading and trailing spaces from a string. You shouldn't lowercase strings to compare them as it doesn't work for all languages. You should use String.Compare for case insensitive searches. If you need to trim the strings (generally you don't) then you'd do this:
String.Compare(textBox1.Text.Trim(), r["UserName"].ToString().Trim(), true) == 0
Michael Taylor
http://msmvps.com/blogs/p3net
Monday, September 2, 2013 5:33 PM
String comparisons are case sensitive. Therefore the value entered in the textbox must exactly match the column value that you specified. If you want a case insensitive search then use
String.Compare(textBox1.Text, r["UserName"].ToString(), true) == 0
This returns true if the strings match case insensitively. You'll likely want to do the same thing for the second comparison later on.
You should also consider using bool instead of int for your exists variable. It would be cleaner to use true/false rather than 0 or 1.
Michael Taylor
http://msmvps.comm/blogs/p3net
Monday, September 2, 2013 6:14 PM
i tried it. didn't work. i don't know if you saw my previous reply before i deleted it. ... i thought that if it was a case sensitivity problem then it would have a meaning if the character data in the database actually get saved in caps. i tried entering values that exist in the database all in caps but again it didn't work. it must be something else.
Monday, September 2, 2013 6:15 PM
Hi,
I'm sure this is just an exercise to get started understanding C# and database interaction. I just wanted to remind you that there are a number of things in the example that you would not want to do in "production". If you would like me to elaborate, let me know.
One thing I recommend as it has a number of benefits is to switch to a parameterized SQL statement that seeks a single row with a matching username and password.
jon.stromer.galley
Monday, September 2, 2013 6:22 PM
:/ I know about the security holes. This is just for a forms project where we are tested in human computer interaction. choosing to add a users database for signing up and logging in is allready a huge upgrade compared to the goals of the project. But i'll try parameters, see if this works. Thank you. :)
Monday, September 2, 2013 7:08 PM
thanks dear have a nice night
Tuesday, September 3, 2013 10:26 AM
I tried this today and it worked too. :) So, it had nothing to do with case sensitivity. I think the problem was that using nchar(r) as data type in the database for those fields, when the characters are less than r it still keeps the space of r characters, where the string length from the text boxes goes according to the number of character the user puts in.
Well thanks again. :)
Tuesday, September 3, 2013 1:45 PM
That is correct. char(n) and nchar(n) are fixed length strings. If you do not provide a string with the exact length then it is padded. In general you only use those types for very small strings that are always the same length (i.e. codes). In all other cases you use either varchar(n) or nvarchar(n) which are variable length up to the given length. They will not be padded. In either case though case insensitive comparison is common for things like user names.
Michael Taylor
http://msmvps.com/blogs/p3net