473,503 Members | 1,649 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Problem with login code

I am tring to create a very simple login page that asks for an email address
and password and compares the password entered to the password in the
accounts table to authenticate the user. I get the following error when
trying use executereader():

System.Data.SqlClient.SqlException: The column prefix 'asmussen@cableone'
does not match with a table name or alias name used in the query.

string mySelectQuery = "SELECT AccountID, Email, Password FROM Accounts
WHERE Email = " + Email.Text;

System.Data.SqlClient.SqlCommand myCommand = new
System.Data.SqlClient.SqlCommand(mySelectQuery, sqlConnection1);

sqlConnection1.Open();
myReader = myCommand.ExecuteReader();

if (Password.Text == myReader["Password"])
{
Session["Login"] = myReader["Email"];
Session["AccountID"] = myReader["AccountID"];
}
else
{
lblStatus.Text = "Login Failed";
}

myReader.Close();
sqlConnection1.Close();

Any ideas?
Thanks, Justin.
Nov 18 '05 #1
4 1215
Quotes need to go around the string parameter in your query.
So your first line needs to look like this:
string mySelectQuery = "SELECT AccountID, Email, Password FROM Accounts
WHERE Email = '" + Email.Text +"'";

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net


"Justin" <Ju****@discussions.microsoft.com> wrote in message
news:5A**********************************@microsof t.com...
I am tring to create a very simple login page that asks for an email
address
and password and compares the password entered to the password in the
accounts table to authenticate the user. I get the following error when
trying use executereader():

System.Data.SqlClient.SqlException: The column prefix 'asmussen@cableone'
does not match with a table name or alias name used in the query.

string mySelectQuery = "SELECT AccountID, Email, Password FROM Accounts
WHERE Email = " + Email.Text;

System.Data.SqlClient.SqlCommand myCommand = new
System.Data.SqlClient.SqlCommand(mySelectQuery, sqlConnection1);

sqlConnection1.Open();
myReader = myCommand.ExecuteReader();

if (Password.Text == myReader["Password"])
{
Session["Login"] = myReader["Email"];
Session["AccountID"] = myReader["AccountID"];
}
else
{
lblStatus.Text = "Login Failed";
}

myReader.Close();
sqlConnection1.Close();

Any ideas?
Thanks, Justin.

Nov 18 '05 #2
Justin,
You may want to look into adding parameters to your query (check out
the SqlParameter object). When you create a string on the fly for a query
and pass it to a command object it's probably suject to a SQL Injection
Attack, which means a moderately skilled hacker could get all the user
accounts by adding some carefully crafted SQL statements into your Email
textbox and have them displayed for him right from your system.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage

"Justin" <Ju****@discussions.microsoft.com> wrote in message
news:5A**********************************@microsof t.com...
I am tring to create a very simple login page that asks for an email
address
and password and compares the password entered to the password in the
accounts table to authenticate the user. I get the following error when
trying use executereader():

System.Data.SqlClient.SqlException: The column prefix 'asmussen@cableone'
does not match with a table name or alias name used in the query.

string mySelectQuery = "SELECT AccountID, Email, Password FROM Accounts
WHERE Email = " + Email.Text;

System.Data.SqlClient.SqlCommand myCommand = new
System.Data.SqlClient.SqlCommand(mySelectQuery, sqlConnection1);

sqlConnection1.Open();
myReader = myCommand.ExecuteReader();

if (Password.Text == myReader["Password"])
{
Session["Login"] = myReader["Email"];
Session["AccountID"] = myReader["AccountID"];
}
else
{
lblStatus.Text = "Login Failed";
}

myReader.Close();
sqlConnection1.Close();

Any ideas?
Thanks, Justin.

Nov 18 '05 #3
Thanks for the help guys. I put quotes around the variable but the results
remian the same. Why is the last part of the email get chopped off (should be
as******@cableone.net not asmussen@cableone)?

I haven't tried using parameter yet, can you point to more info. or a
tutorial on using select parameters?

Thanks, Justin.

"Justin" wrote:
I am tring to create a very simple login page that asks for an email address
and password and compares the password entered to the password in the
accounts table to authenticate the user. I get the following error when
trying use executereader():

System.Data.SqlClient.SqlException: The column prefix 'asmussen@cableone'
does not match with a table name or alias name used in the query.

string mySelectQuery = "SELECT AccountID, Email, Password FROM Accounts
WHERE Email = " + Email.Text;

System.Data.SqlClient.SqlCommand myCommand = new
System.Data.SqlClient.SqlCommand(mySelectQuery, sqlConnection1);

sqlConnection1.Open();
myReader = myCommand.ExecuteReader();

if (Password.Text == myReader["Password"])
{
Session["Login"] = myReader["Email"];
Session["AccountID"] = myReader["AccountID"];
}
else
{
lblStatus.Text = "Login Failed";
}

myReader.Close();
sqlConnection1.Close();

Any ideas?
Thanks, Justin.

Nov 18 '05 #4
Try this:

In SQL:

CREATE PROC getLoginInfo
@Email nvarchar(50)
AS
SELECT
AccountID,
Email,
Password
FROM
Accounts
WHERE
Email = @Email

---
In code:
SqlCommand cmd = new SqlCommand();

cmd.CommandText = "getLoginInfo";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Connection = new SqlConnection(<connection string>);

cmd.Parameters.Add("@Email", SqlDbType.NVarChar);
cmd.Parameters["@Email"].Value = Email.Text

There's an easier way to do this, but it requires special casting when
an integer parameter is 0 that I would just assume not do.

However, it is done like this:
cmd.Parameters.Add("@Email", Email.Text);

Then read from your data reader as normal.

That may not compile but it will get you started anyway.

James

Justin wrote:
I haven't tried using parameter yet, can you point to more info. or a
tutorial on using select parameters?

Nov 18 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
7
11858
isset(), empty(), $_GET and $_POST problem
by: Dan | last post by:
I was trying to troubleshoot a login page that doesn't work - it keeps saying the login/password is missing - when my tracing discovered this peculiar behavior. register_globals is off, so at...
PHP
9
2621
php sessions problem - wrong logic maybe
by: Bartosz Wegrzyn | last post by:
I need help with sessions. I createt set of web site for nav with authorization. first I go into main.php which looks like this: <?php //common functions include_once '../login/common.php';...
PHP
0
1769
Login Redirection Problem from Office XP Apps
by: Mike | last post by:
I can not figure out what is going on here. I hope somebody can please help!!! I've got an intranet ASP3 application running on a Win2k server. This application requires a login, so the user...
ASP / Active Server Pages
2
1703
Problem in forms auth, not going back to members page
by: Senthil | last post by:
1. Created a new C# web application project 2. Change the name of webform1 to login.aspx 3. And in the .cs file change the name of the class to login, and include System.web.security namespace....
.NET Framework
1
3345
vb.net and asp.net problem
by: Darren Brook | last post by:
Hi I have an asp.net 2.0 project and am experiencing a problem. In the project, I am trying to make use of Membership. I have one Role, called "Basic User" and two users - "admin" and...
Visual Basic 4 / 5 / 6
0
863
ASP.Net Problem (VB.Net)
by: Darren Brook | last post by:
Hi I have an asp.net 2.0 project and am experiencing a problem. In the project, I am trying to make use of Membership. I have one Role, called "Basic User" and two users - "admin" and...
Visual Basic .NET
0
872
ASP.Net Problem
by: Darren Brook | last post by:
Hi I have an asp.net 2.0 project and am experiencing a problem. In the project, I am trying to make use of Membership. I have one Role, called "Basic User" and two users - "admin" and...
.NET Framework
2
2475
asp.net problem
by: MS News Public | last post by:
Hi I have an asp.net 2.0 project and am experiencing a problem. In the project, I am trying to make use of Membership. I have one Role, called "Basic User" and two users - "admin" and...
ASP.NET
0
1229
forms security problem
by: Sergio E. | last post by:
Hello, I have a problem with masterpages and forms security. I made a new Web site, in which I have my page login.aspx as the homepage , a master page with only a sitemappath object in it, the...
ASP.NET
2
1272
gridview problem
by: yogarajan | last post by:
hello friend i need urgent help this is my aspx page <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Reguserdetailstest.aspx.cs" Inherits="Reguserdetailstest" %> <!DOCTYPE html...
C# / C Sharp
0
7198
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7271
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
1
6979
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
7449
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
1
4998
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
4666
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3149
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1498
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
0
373
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us