
I've been struggling to understand how to validate data I entered in an input in an .aspx webform, say username and password. I've tried many things, tried reading about it and looking for solutions, but all of them are really messy with a lot of things I don't really need. It is for a school project in my school and I already set up a working database, and I already made a register page that works and submits it to the database.

Our teachers supplied us with a DalAccess file, that is stored in the App_Data folder in my project. This is the code inside of it:

    using System.Data;
    using System.Data.OleDb;

    public class DalAccess
    {
        private OleDbConnection conn;
        private OleDbCommand command;
        private OleDbDataAdapter adapter;

        // Builds the connection to Database.accdb in App_Data and prepares a command for strQuery
        public DalAccess(string strQuery)
        {
            string ConnectionString = string.Format(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Database.accdb");
            conn = new OleDbConnection(ConnectionString);
            command = new OleDbCommand(strQuery, conn);
            adapter = new OleDbDataAdapter(command);
        }

        // Runs a SELECT and returns the result rows in a DataSet
        // (adapter.Fill opens and closes the connection itself)
        public DataSet GetDataSet(string strSql)
        {
            DataSet ds = new DataSet();
            command.CommandText = strSql;
            adapter.SelectCommand = command;
            adapter.Fill(ds);
            return ds;
        }

        // Runs an INSERT, UPDATE or DELETE and returns the number of rows affected
        public int InsertUpdateDelete(string strSql)
        {
            int rowsAffected;
            this.conn.Open();
            OleDbCommand cmd = new OleDbCommand(strSql, conn);
            rowsAffected = cmd.ExecuteNonQuery();
            conn.Close();
            return rowsAffected;
        }
    }

Note: I am a complete beginner and have no idea what anything in that code means.

So, I wrote these lines of code in the aspx.cs code-behind page:

    {
        public DataSet ds;

        protected void Page_Load(object sender, EventArgs e)
        {
            // Run only when the form has been submitted back to the page
            if (IsPostBack)
            {
                string loginid = Request.Form["loginid"];
                string loginpw = Request.Form["loginpw"];

                // Query built by string concatenation (not parameterized, see the note below)
                string sqlS = "Select IDD,Pass from UserInfo where IDD = '" + loginid + "'";
                DalAccess dal = new DalAccess(sqlS);
                ds = dal.GetDataSet(sqlS);
            }
        }
    }

And if I wrote it correctly, I selected the two tabs of the row where the value of IDD (ID of the user) in the table is loginid. The problem is, I can't figure out how to take that data I selected and compare it to the things entered into the inputs to check if they match.

I'd greatly appreciate it if someone were to go as far as to explain to me what everything does, since my teacher hasn't got a lot of time to give to all the students, but an example and a simple explanation will work for me too.

Important note: I know that if I make it parameterized it is safe against SQL injection, which I did not do, but this part of the project is not for the purpose of security; we will have a part for that too, and we will learn.

Thanks in advance.

Yuval Roth

1 Answer


When water rises above the level of the noses, only those who know how to swim will survive, isn't it?

Technically we will go for a stored procedure to validate the login (as best practice). In the link it's very clear that you can do it with minimal coding.

How to validate login and pass userID

Updated:

OK, if we want to do it your way.

In the code-behind, inside the method:

    private void ValidateLogin()
    {
        string uname = "Hsakarp"; // I have hard-coded the value to make it simple
        string pwd = "12345";
        // Concatenated query, kept as posted (not parameterized)
        string sqlS = "Select UserName,Password from Login where UserName = '" + uname + "' and Password = " + pwd;
        // Parameterless constructor as in the answerer's local copy (see the comments below);
        // the DalAccess shown in the question takes the query: new DalAccess(sqlS)
        DalAccess dal = new DalAccess();
        DataSet ds = dal.GetDataSet(sqlS); // GetDataSet returns the DataSet
        // Default to failure so the label is also set when the query returns no rows
        Label1.Text = "Login failed";
        for (int i = 0; i < ds.Tables[0].Rows.Count; i++)
        {
            // Check whether the username and password exist.
            if (ds.Tables[0].Rows[i]["UserName"].ToString().Trim() == uname && ds.Tables[0].Rows[i]["Password"].ToString().Trim() == pwd)
            {
                Label1.Text = "Login Successful";
                break;
            }
        }
    }
threeleggedrabbit
  • As I explained, I do not use the "newer" SQL method or however you want to call it, that is this "sqlconnector" and such... I, too, could've copy-pasted that answer you did, but it wouldn't contribute to me at all. I specifically asked how I do it with the things I already have, which is the DalAccess file and what I wrote. Sorry, but your answer did not contribute at all + I specifically said I didn't want to do it with parameters. – Yuval Roth Dec 24 '14 at 12:15
  • I'd appreciate it if you put a little more effort into helping me and giving examples and explaining the steps rather than just pasting a big block of messy code that I barely understand what to do with, thanks. – Yuval Roth Dec 24 '14 at 12:18
  • I am not sure why you want to pass the command text in the DALAccess - in my local I removed the reference – threeleggedrabbit Dec 24 '14 at 13:08
  • I want to use the DalAccess because that's a school project and those are the demands. – Yuval Roth Dec 25 '14 at 06:37
  • The above is using the DALAccess class. That will suit your requirement – threeleggedrabbit Dec 26 '14 at 05:42
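
Added example, not part of the question, the answer or the teacher's DalAccess file: one way to do the fetch-and-compare step with a parameterized OleDb query, including the case where no row comes back. `LoginCheck`, `FetchUser` and `PasswordMatches` are hypothetical names; the table and column names come from the question, the `Pass` column is assumed to hold the password exactly as the register page stored it, and the rows in `Main` are constructed sample data.

```csharp
using System;
using System.Data;
using System.Data.OleDb;

public static class LoginCheck
{
    // Same connection string as the DalAccess class in the question.
    private const string ConnectionString =
        @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Database.accdb";

    // OleDb uses positional '?' placeholders: loginId is sent as a value
    // and is never parsed as part of the SQL text.
    public static DataTable FetchUser(string loginId)
    {
        using (var conn = new OleDbConnection(ConnectionString))
        using (var cmd = new OleDbCommand(
            "SELECT IDD, Pass FROM UserInfo WHERE IDD = ?", conn))
        using (var adapter = new OleDbDataAdapter(cmd))
        {
            cmd.Parameters.AddWithValue("?", loginId ?? string.Empty);
            var table = new DataTable();
            adapter.Fill(table); // Fill opens and closes the connection itself
            return table;
        }
    }

    // Comparison step: true only when exactly one row came back and its Pass
    // column equals the entered password. Zero rows means an unknown user.
    public static bool PasswordMatches(DataTable rows, string enteredPw)
    {
        if (rows == null || rows.Rows.Count != 1 || enteredPw == null) return false;
        object stored = rows.Rows[0]["Pass"];
        if (stored == DBNull.Value) return false;
        return string.Equals(stored.ToString(), enteredPw, StringComparison.Ordinal);
    }

    public static void Main()
    {
        // Constructed sample row standing in for the UserInfo table.
        var sample = new DataTable();
        sample.Columns.Add("IDD", typeof(string));
        sample.Columns.Add("Pass", typeof(string));
        sample.Rows.Add("alice", "s3cret");
        Console.WriteLine(PasswordMatches(sample, "s3cret"));          // right password
        Console.WriteLine(PasswordMatches(sample, "wrong"));           // wrong password
        Console.WriteLine(PasswordMatches(new DataTable(), "s3cret")); // no such user
    }
}
```

In the page's `Page_Load`, the call would be `LoginCheck.PasswordMatches(LoginCheck.FetchUser(loginid), loginpw)`, with the label set from the returned bool.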