Login MYSQL in C#

-1

I am a beginner in C# and I am trying to validate a user in a login form, but my code does not compare the SQL result, so it allows access to the program without the user and password being registered in the database. How can I do this validation? The code follows below.

class Validacao:Pessoas
{
    public void Login()
    {
        Conexao conexao = new Conexao();
        Conexao.Conectar();
        try
        {
            MySqlCommand comando = new MySqlCommand();
            // SQL command
            comando.CommandText = "select count(*)from `pessoas` where `Usuario` = '@Usuario' and `Senha` = '@Senha'";
            comando.Parameters.AddWithValue("@Usuario", Usuario);
            comando.Parameters.AddWithValue("@Senha", Senha);
            // Connect to the database
            comando.Connection = Conexao.Conectar();
            // Execute command
            bool resultado = comando.ExecuteReader().HasRows;
            if (resultado == true)
            { 
               Principal principal = new Principal();
               principal.Show();
            }
            else
            {
                MessageBox.Show("Usuário ou Senha inválidos", "Aviso", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            }
        }
        catch (MySqlException er)
        {
            MessageBox.Show("Erro do Banco de dados " + er, "Aviso", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        finally
        {
            Conexao.Desconectar();
            Conexao.Limpar();
        }
    }
}

}

Thanks for your help!

1 answer

0

The command you executed is a Count(*); if you need user data in the application, the correct query would be:

select * from pessoas where Usuario = @Usuario and Senha = @Senha

Because then you would retrieve the user data to use in the application.

The problem of the application always letting the user in, even with an incorrect login and password, is due to the command you are running:

bool resultado = comando.ExecuteReader().HasRows;

This command always returns true because it expects a result or a null value; the correct approach would be to use the ExecuteScalar command.

The corrected code follows below:

class Validacao:Pessoas
{
    public void Login()
    {
        Conexao conexao = new Conexao();
        Conexao.Conectar();
        try
        {
            MySqlCommand comando = new MySqlCommand();
            // SQL command (placeholders must not be quoted, or they become string literals)
            comando.CommandText = "select * from `pessoas` where `Usuario` = @Usuario and `Senha` = @Senha";
            comando.Parameters.AddWithValue("@Usuario", Usuario);
            comando.Parameters.AddWithValue("@Senha", Senha);
            // Connect to the database
            comando.Connection = Conexao.Conectar();
            // Execute command: ExecuteScalar returns null when no row matches
            var resultado = comando.ExecuteScalar();

            if (resultado != null)
            { 
               Principal principal = new Principal();
               principal.Show();
            }
            else
            {
                MessageBox.Show("Usuário ou Senha inválidos", "Aviso", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            }
        }
        catch (MySqlException er)
        {
            MessageBox.Show("Erro do Banco de dados " + er, "Aviso", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        finally
        {
            Conexao.Desconectar();
            Conexao.Limpar();
        }
    }
}
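
An added example, not part of the original question or answer: a login check that binds `@Usuario` as an unquoted parameter, reads the stored value with `ExecuteScalar`, and goes beyond the answer by verifying a salted password hash instead of comparing plaintext in SQL. It assumes MySql.Data, .NET 6 or later, an already open connection, and that `Senha` is a text column holding a PBKDF2 hash in the format shown in the comment; `LoginCheck`, `VerifyPassword`, the `ValidarLogin` signature and the storage format are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using MySql.Data.MySqlClient;

static class LoginCheck // hypothetical helper, not from the original post
{
    // Assumed storage format for `Senha` (not from the original post):
    // "<iterations>:<base64 salt>:<base64 PBKDF2-SHA256 hash>"
    public static bool VerifyPassword(string senha, string stored)
    {
        string[] parts = stored.Split(':');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0)
            return false;
        try
        {
            byte[] salt = Convert.FromBase64String(parts[1]);
            byte[] expected = Convert.FromBase64String(parts[2]);
            // An empty stored hash must never match an empty derived key.
            if (expected.Length == 0) return false;
            byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
                senha, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
            // Constant-time comparison so timing does not reveal matching prefixes.
            return CryptographicOperations.FixedTimeEquals(actual, expected);
        }
        catch (FormatException) { return false; } // malformed Base64 in the stored value
    }

    public static bool ValidarLogin(MySqlConnection conexao, string usuario, string senha)
    {
        // Placeholders are NOT wrapped in quotes: '@Usuario' would be the
        // literal text "@Usuario" and the bound parameter would be ignored.
        const string sql = "SELECT `Senha` FROM `pessoas` WHERE `Usuario` = @Usuario LIMIT 1";
        using (var comando = new MySqlCommand(sql, conexao))
        {
            comando.Parameters.Add("@Usuario", MySqlDbType.VarChar).Value = usuario;
            // ExecuteScalar returns null when no row matches, unlike
            // ExecuteReader().HasRows on COUNT(*), which always yields one row.
            object resultado = comando.ExecuteScalar();
            if (resultado == null || resultado == DBNull.Value)
                return false;
            return VerifyPassword(senha, (string)resultado);
        }
    }
}
```

The caller shows the same "Usuário ou Senha inválidos" message whether the user is missing or the password is wrong, so the form does not reveal which usernames exist.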
