c# - Select Statement is not being read but works fine before until the Insert INTO query -
need 1 select
statement cant read/execute anymore after placed insert into
activity log works fine before did wrong placements?
claylink.con.open(); string userid = txt_login.text; string password = txt_password.text; claylink.cmd = new sqlcommand("select usertype users username='" + userid + "'and password='" + password + "'", claylink.con); claylink.cmd = new sqlcommand("insert alog values ('" + txt_login.text + "','" + admin.lbl_username.text + "','" + admin.label7.text + "', 'login button click','')", claylink.con); datatable dt = new datatable(); claylink.adapter = new sqldataadapter(claylink.cmd); claylink.adapter.fill(dt); claylink.con.close(); try { if (dt.rows.count == 1) { if (dt.rows[0][0].tostring() == "administrator") { messagebox.show("successfully logged in administrator!"); admin.show(); claylink.con.close(); claylink.con.open(); string str = "select * users username = '" + txt_login.text + "'"; claylink.cmd = new sqlcommand(str, claylink.con); claylink.datareader = claylink.cmd.executereader(); claylink.datareader.read(); admin.lbl_username.text = claylink.datareader["firstname"].tostring(); admin.lbl_usertype.text = claylink.datareader["usertype"].tostring(); this.txt_login.clear(); this.txt_password.clear(); this.hide(); claylink.con.close(); } } }
you have these 2 lines of code:
claylink.cmd = new sqlcommand("select usertype users username='" + userid + "'and password='" + password + "'", claylink.con); claylink.cmd = new sqlcommand("insert alog values ('" + txt_login.text + "','" + admin.lbl_username.text + "','" + admin.label7.text + "', 'login button click','')", claylink.con);
you setting claylink.cmd
twice. value value second time.
other notes:
- use parameters instead of munging query strings input strings.
- don't pass unencrypted passwords arounds.
- list columns inserting when using
insert
.
Comments
Post a Comment