Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SQL Datareader only checks first line in database

Posted on 2007-11-15
7
Medium Priority
?
424 Views
Last Modified: 2008-02-01
Hi

I am building a .net website and want to be able to use a login control to access a page where the username and password are taken from an existing database.

The code I have used is below:


Now this works great.... as long as you are the first person in the database table. For some reason the datareader doesn't read all the rows to match the username and password entered.

Any help would be greatly appreciated.
Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As AuthenticateEventArgs) 
    Dim Authenticated As Boolean = False 
    Authenticated = SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password) 
    e.Authenticated = Authenticated 
    If Authenticated = True Then 
        Response.Redirect("Home.aspx") 
    End If 
End Sub 
 
Private Function SiteLevelCustomAuthenticationMethod(ByVal UserName As String, ByVal Password As String) As Boolean 
    Dim boolReturnValue As Boolean = False 
    ' Insert code that implements a site-specific custom 
    ' authentication method here. 
    ' This example implementation always returns false. 
    Dim strConnection As String = "server=dtpxp-skumari;database=master;uid=sa;pwd=;" 
    Dim Connection As New SqlConnection(strConnection) 
    Dim strSQL As String = "Select * From Employee" 
    Dim command As New SqlCommand(strSQL, Connection) 
    Dim Dr As SqlDataReader 
    Connection.Open() 
    Dr = command.ExecuteReader() 
    While Dr.Read() 
        If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then 
            boolReturnValue = True 
        End If 
        Dr.Close() 
        Return boolReturnValue 
    End While 
End Function

Open in new window

0
Comment
Question by:DJFuller
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 143

Assisted Solution

by:Guy Hengel [angelIII / a3]
Guy Hengel [angelIII / a3] earned 332 total points
ID: 20288236
you close the datareader and return inside the while loop... bad move.
While Dr.Read()         
  If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then        
     boolReturnValue = True       
  End If        
End While 
Dr.Close()         
Return boolReturnValue     

Open in new window

0
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 332 total points
ID: 20288239
Dr = command.ExecuteReader()    
While Dr.Read()        
   If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then
               boolReturnValue = True        
   End If
end while
Dr.Close()        
Return boolReturnValue
0
 
LVL 25

Accepted Solution

by:
imitchie earned 336 total points
ID: 20288347
if i may, break to speed things up

While Dr.Read()        
  If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then        
     boolReturnValue = True
     break
  End If        
End While
Dr.Close()        
Return boolReturnValue    
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 25

Expert Comment

by:imitchie
ID: 20288382
replace

    Dim strSQL As String = "Select * From Employee"
    Dim command As New SqlCommand(strSQL, Connection)
    Dim Dr As SqlDataReader
    Connection.Open()
    Dr = command.ExecuteReader()
    While Dr.Read()
        If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then
            boolReturnValue = True
        End If
        Dr.Close()
        Return boolReturnValue
    End While

with

    Dim strSQL As String = "Select [name] From Employee where [name] = '" + Replace(UserName, "'", "''") + "' and [Password]= '" + Replace(Password, "'", "''") + "'"
    Dim command As New SqlCommand(strSQL, Connection)
    Dim Dr As SqlDataReader
    Connection.Open()
    Dr = command.ExecuteReader()
    boolReturnValue = Dr.Eof
    Dr.Close()
    Return boolReturnValue
0
 
LVL 25

Expert Comment

by:imitchie
ID: 20288384
grr... time tosleep
    Dim strSQL As String = "Select [name] From Employee where [name] = '" + Replace(UserName, "'", "''") + "' and [Password]= '" + Replace(Password, "'", "''") + "'"
    Dim command As New SqlCommand(strSQL, Connection)
    Dim Dr As SqlDataReader
    Connection.Open()
    Dr = command.ExecuteReader()
    boolReturnValue = not Dr.Eof
    Dr.Close()
    Return boolReturnValue 

Open in new window

0
 
LVL 2

Author Comment

by:DJFuller
ID: 20288665
Oh my god.. what an idiot I am..

Thanks all of you... I guess I can share points out.

imitchie: what does adding break do?
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 20290034
>imitchie: what does adding break do?
it finishes the while immediately. as at that place, you knew the username/password is correct, no need to loop further in the DataReader.

the suggestion of imitchie to include the username/password test directly in the query is obviously the most efficient method, but could even be made better by using sqlcommand and sqlparameter objects ... but that is another discussion. just read up on those key terms will help you coding alot.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
While opting for any web-to-print solution, you need to discuss with your team and some of your end users and know their opinions about your decisions. In this article we list down some questions you need to ask yourself.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question