• This is a read only backup of the old Emudevs forum. If you want to have anything removed, please message me on Discord: KittyKaev

SQL c#

Mathias

Mathias

Exalted Member
Hey i am learning to use MySQL and C# together so my first app is a login form where you can registrer and login

the registrer i did fine.. but when i got to login it was confusing. and what i get confused with is not the scripts but the SQL

if you see here

my Login DB has this two strings

accountName, accountPsw
those are the script converting the "SQL Query" to strings
Code: 
			string accountName= reader.GetString(0);
			string accountUsr= reader.GetString(1);

but i dont know how to select

i tried something like this but it didnt want it

Code: 
query = "SELECT accountName, accountPsw FROM accounts WHERE accountName=''+accUsr+", accountPsw ="+accPsw+";

accUsr, accPsw are those who holds what is in the textboxes
 
Tommy

Tommy

Founder
I wrote a small example for you in a C# console application.

Code: 
using System;
using System.Data;
using MySql.Data.MySqlClient;

namespace MySqlExample
{
    class Program
    {
        static void Main(string[] args)
        {
            string connectionStr =  "Server=127.0.0.1;User Id=root;Port=3306;Password=root;Database=elunaauth;";
            string query = "SELECT `id`,`username` FROM account";
            using (MySqlConnection conn = new MySqlConnection(connectionStr))
            {
                try
                {
                    conn.Open();
                    using (MySqlCommand sqlCommand = new MySqlCommand(query, conn))
                    {
                        using (MySqlDataReader reader = sqlCommand.ExecuteReader(CommandBehavior.Default))
                        {
                            while (reader.Read())
                            {
                                Console.WriteLine(reader.GetInt32(0).ToString() + " :: " +reader.GetString(1));
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                }
            }
            Console.ReadLine();
        }
    }
}

4awVOmU.png
 
darksoke

darksoke

OnTop500
you can do something like this
Code: 
        private void button1_Click(object sender, EventArgs e)
        {
            try
            {
              [COLOR="#FFFFFF"] string conn = "server=localhost;user=root;password=ascent;database=Users;";
                MySqlConnection myconn = new MySqlConnection(conn);
                MySqlCommand readLogin = new MySqlCommand("SELECT * FROM users WHERE USERNAME='" + username_txt.Text + "' and PASSWORD='" + password_txt.Text + "';", myconn);
                MySqlDataReader myReader;[/COLOR]

               [COLOR="#FF8C00"] myconn.Open();
                myReader = readLogin.ExecuteReader();

                int count = 0;[/COLOR]
                while (myReader.Read())
                {
                    count = count + 1;
                }
                if (count == 1) 
                {
                    if ((MessageBox.Show("Autentificaion succeed","SUCCES!",MessageBoxButtons.OK,MessageBoxIcon.Information)==DialogResult.OK))
                    {
                        [COLOR="#FF0000"]Do here some work if user press OK[/COLOR]
                    }
                }
                else if (count > 1)
                {
                    MessageBox.Show("There can't be 2 accounts with the same name in database please update your tables","INFO",MessageBoxButtons.OK,MessageBoxIcon.Information);
                }
                else
                {
                    MessageBox.Show("Wrong username or password","US/PW",MessageBoxButtons.OK,MessageBoxIcon.Stop);
                    myconn.Close();
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }

INT count -> return if your database have corrupted data like 2 usernames with same data
 
Jameyboor

Jameyboor

Retired Staff
darksoke said:
you can do something like this
Code: 
        private void button1_Click(object sender, EventArgs e)
        {
            try
            {
              [COLOR="#FFFFFF"] string conn = "server=localhost;user=root;password=ascent;database=Users;";
                MySqlConnection myconn = new MySqlConnection(conn);
                MySqlCommand readLogin = new MySqlCommand("SELECT * FROM users WHERE USERNAME='" + username_txt.Text + "' and PASSWORD='" + password_txt.Text + "';", myconn);
                MySqlDataReader myReader;[/COLOR]

               [COLOR="#FF8C00"] myconn.Open();
                myReader = readLogin.ExecuteReader();

                int count = 0;[/COLOR]
                while (myReader.Read())
                {
                    count = count + 1;
                }
                if (count == 1) 
                {
                    if ((MessageBox.Show("Autentificaion succeed","SUCCES!",MessageBoxButtons.OK,MessageBoxIcon.Information)==DialogResult.OK))
                    {
                        [COLOR="#FF0000"]Do here some work if user press OK[/COLOR]
                    }
                }
                else if (count > 1)
                {
                    MessageBox.Show("There can't be 2 accounts with the same name in database please update your tables","INFO",MessageBoxButtons.OK,MessageBoxIcon.Information);
                }
                else
                {
                    MessageBox.Show("Wrong username or password","US/PW",MessageBoxButtons.OK,MessageBoxIcon.Stop);
                    myconn.Close();
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }

INT count -> return if your database have corrupted data like 2 usernames with same data
Click to expand...
This way is not SQL injection safe, just letting you know.
 
darksoke

darksoke

OnTop500
well there's nothing safe about .net appi :| is preety hard to encrypt a program but annyway depend on how you table look i just wrote this as an example
 
Foereaper

Foereaper

Founder
darksoke said:
well there's nothing safe about .net appi :| is preety hard to encrypt a program but annyway depend on how you table look i just wrote this as an example
Click to expand...

Decompiling the binary wasn't the issue he was talking about, but the way your queries are handled :)
 
darksoke

darksoke

OnTop500
well i use it on a simple program and with few checks it is preety safe :D plus that's the only command wich handle the query "MySqlCommand" and yeah probably the way i use it is not the best one :|
 
Tommy

Tommy

Founder
darksoke said:
well i use it on a simple program and with few checks it is preety safe :D plus that's the only command wich handle the query "MySqlCommand" and yeah probably the way i use it is not the best one :|
Click to expand...

Doesn't matter if it is simple or not, the way you introduced your code is flawed and it isn't safe at all. Showing the messagebox isn't safe when querying since it stops the user while you're accessing data within your query. You're missing 'myconn.Close();' after everything is finished querying, so the connection will stay opened allowing for injections. You should also use the 'using' statement as it doesn't require for you to call '.Close();'.
 
You must log in or register to reply here.
Top