tags:

views:

86

answers:

2
Q: 

What's wrong with my SQL statement, something isn't working.

I have this very simple method called to check if a user has a correct password. Any help on why it isn't working? This is for Microsoft SQL Server.

public bool UserNameExists()
    {
        using (SqlConnection con = new SqlConnection("CONNECTION STRING AQUI!"))
        {
            con.Open();
            try
            {
                using (SqlCommand command = new SqlCommand(string.Format("SELECT * FROM Policia WHERE NumeroPlaca = '{0}' AND Password = '{1}'", Session.Contents["username"], Session.Contents["password"]), con))
                {
                    SqlDataReader reader = command.ExecuteReader();
                    if (reader.FieldCount > 0)
                    {
                        return true;
                    } 
                    else 
                    {
                        return false;
                    }
                }
            }
            catch
            {

            }

            return false;
        }
    }
+4  A: 

FieldCount gets the number of columns in the current row, which will always be non-zero. You're looking for the number of rows in the result set. Use the HasRows property.

yodaj007  2010-06-03 22:21:17
Thank you that works fine. :D
Serg  2010-06-03 22:22:50
+3  A: 

You could also do:

"SELECT COUNT(*) FROM Policia..."

And then:

int result = Convert.ToInt32(command.ExecuteScalar());
if (result > 0)
{
  return true;
} 
else 
{
  return false;
}

Full code:

public bool UserNameExists()
{
  int result = int.MinValue;

  using (SqlConnection connection = new SqlConnection(_connectionString))
  {
    connection.Open();
    SqlCommand command = new SqlCommand();
    command.Connection = connection;
    command.CommandType = CommandType.StoredProcedure;
    command.CommandText = "SELECT COUNT(*) FROM Policia WHERE NumeroPlaca = @username AND Password = @password";
    command.Parameters.Clear();
    command.Parameters.Add("@username", SqlDbType.VarChar).Value = Session.Contents["username"];
    command.Parameters.Add("@password", SqlDbType.VarChar).Value = Session.Contents["password"];
    result = Convert.ToInt32(command.ExecuteScalar());
  }

  if (result > 0)
  {
    return true;
  }
  {
    return false;
  }
}
JohnB  2010-06-03 22:26:17

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?