I have a table with users and their roles (administrator and regular user), I need to make a login and password entry window. What happened, swears that it is not connected to the database.

try { string login = lTb.Text.Trim(); string password = pTb.Text.Trim(); string query = "SELECT COUNT(*) FROM dbo.Users WHERE login=" + login + " AND password=" + password; DataTable dt = new DataTable(); string connStr = @"Data Source=10.10.10.34;Initial Catalog=14IT-1-Domas;Persist Security Info=True;User ID=dom_an;Password=***********"; SqlConnection conn = new SqlConnection(connStr); conn.Open(); SqlDataAdapter adapter = new SqlDataAdapter(query, conn); adapter.Fill(dt); int count = Convert.ToInt32(dt.Rows[0][0].ToString()); if (count == 0) MessageBox.Show("Error!", "User not found!", MessageBoxButtons.OK, MessageBoxIcon.Error); else { MessageBox.Show("Success!", "Hello!", MessageBoxButtons.OK, MessageBoxIcon.Information); new Form1().Show(); } } catch { MessageBox.Show("Ошибка подключения базы данных", "Ошибка!", MessageBoxButtons.OK, MessageBoxIcon.Error); }
  • 3
    password = pTb.Text ... query = ... + password; - if you do not check what gets into the password, then you may get sql query with ; drop table ; drop table - Stack
  • To avoid injection, use SQLParameters and read technet.microsoft: SQL Injection - Stack Attack

1 answer 1

It is necessary to make the login window password.

There is a ready-made Microsoft Data Connection Dialog - for connecting to different databases. An example of use is here .