Error with cmd.ExecuteScalar() in Login and Sign-In Page for MS Access Database
I've created a login and a sign-in page where I connected to my MS Access database to add and retrieve data. When I try to sign in or log in, I encounter the same error at cmd.ExecuteScalar()
3 Replies
i dont know much about MS Access, but the query string u build is erroneous
select count(*) from login where username=shravanand password=9993
first of all notice that there is no space between shravan and and, so it doesnt recognize this as the boolean and operator
if u would fix that, it will most likely still complain about shravan because u use it like an identifier instead of a string value
basically ur query should look like
select count(*) from login where username='shravan' and password='9993'
this will work but is still problematic
if someone has a ' in there password this will break ur entire query again, u should check out how to do parameterized queries instead https://learn.microsoft.com/en-us/dotnet/api/system.data.oledb.oledbcommand.parameters?view=dotnet-plat-ext-8.0 (this has an c# code example)
and lastly: never ever store passwords as clear text, this is an extremely high security vulnerability.
passwords are salted, hashed and then that result is stored, so even if u get ur hands on the database u do not have any means to figure out the actual password (easily)
https://github.com/BcryptNet/bcrypt.net is an easy to use and still quite strong hasing algorithm for such stuffThank u dude that helps 👍🏻
I was learning these stuffs and i had ms access 2007 so i installed vs 2010
tbh, it would be better to learn such stuff on up to date software.
if u dont want to install a database server, u could use for example
SQLite, it is a similar SQL dialect to MS Access'
and is essentially a one file database where all the handling is done from within ur application (via a package) and it is quite similar to OLE DB drivers like the one u are using:
https://learn.microsoft.com/en-us/dotnet/standard/data/sqlite/?tabs=netcore-cli