C# SqlDataReader = null?

Question

            String sqlCheckPass = 
"Select * from Login where Username like @Username and Password like @Password";
        SqlCommand SqlCom = new SqlCommand(sqlCheckPass, myConnection);
        SqlCom.Parameters.Add(new SqlParameter("@Username", sUserName));
        SqlCom.Parameters.Add(new SqlParameter("@Password", sPassword));

        myConnection.Open();
        SqlDataReader myreader;
        myreader = SqlCom.ExecuteReader();
        int id = -1;

ErrorBox.InnerHtml = "Username:" + sUserName + ":" + sPassword + ":<br/>";
while (myreader.HasRows)
{
    id = (int)myreader["id"];
    String sUser = (String)myreader["Username"];
    String sPass = (String)myreader["Password"];
    ErrorBox.InnerHtml += "UserId is <b>" + id + "</b> " + sUser + ":" + sPass + ":<br >";
    Session["LoginID"] = id;
    Server.Transfer(ReturnPage);

}
if (id == -1)
{
    ErrorBox.InnerHtml = "Incorrect Password";
}
myConnection.Close();
catch (Exception err)
{
    ErrorBox.InnerHtml = "Error Getting  Option ID" + err.Message;
}

I added a breakpoint at myreader = SqlCom.ExecuteReader(); and it keeps returning myreader as null and HasRows = False, but it does have rows. So, it keeps validating my login as incorrect since id = -1,

Help?

Answer 1

You didn't connect your reader to your SQL connection/command?

SqlConnection myConnection = new SqlConnection(myConnectionString);
SqlCommand myCommand = new SqlCommand(mySelectQuery, myConnection);
myConnection.Open();
SqlDataReader myReader = myCommand.ExecuteReader(CommandBehavior.CloseConnection);
while(myReader.Read()) 
{
   Console.WriteLine(myReader.GetString(0));
}
myReader.Close();

Answer 2

The problem might be the LIKE in your query with the SqlParameters. Try

String sqlCheckPass =  
"Select * from Login where Username like '%' + @Username + '%' and Password like '%' + @Password + '%'"; 

Answer 3

Bryan Denny's answer above is correct, however, I'll enclose all of the code inside using statements as shown below:

using (SqlConnection dataConnection = new SqlConnection(connectionString))
{
    using (SqlCommand SqlCom = dataConnection.CreateCommand())
    {
        SqlCom.CommandText = "Select * from Login where Username like @Username and Password like @Password";
        SqlCom.Parameters.Add(new SqlParameter("@Username", sUserName)); 
        SqlCom.Parameters.Add(new SqlParameter("@Password", sPassword)); 

        dataConnection.Open();
        SqlDataReader myreader; 
        myreader = SqlCom.ExecuteReader(); 
        dataConnection.Close();
    }
}

I didn't add all of your code to this snippet, I figured you get the idea.

Also, you could try modifying the select statement to return a count of records since this is all you need anyways, a number:

SELECT COUNT(*) FROM Login WHERE Username like @Username AND Password like @Password

Good luck!