I am working on a new user registration form that consists of only 3 fields: Username, password and confirm password


I am working on a user registration form containing only 3 fields: Username, password and confirm password. But when I insert data, if the password is mismatching, the exception appears (form mismatch), but on clicking OK the data is inserted into the db. What should I do so that it only inserts on a matching password?

private void btn_save_Click(object sender, EventArgs e)
{
    try
    {
         conn.Open();
         OleDbCommand command = new OleDbCommand();
         command.Connection = conn;
         // query is built by string concatenation of the raw text box contents
         string query = "INSERT INTO Users (username,newpassword)values('" + txt_newusr.Text + "','" + txt_password.Text + "')";
         if (txt_password.Text == "" || txt_cnfpw.Text == "")
         {
             MessageBox.Show("Please enter values");
             return;
         }
         if (txt_password.Text != txt_cnfpw.Text)
         {
             MessageBox.Show("Password confirm password are not matching");
             txt_cnfpw.Focus();
             // no return here, so execution continues to the INSERT below
         }
         MessageBox.Show(query);
         command.CommandText = query;
         command.ExecuteNonQuery();
         MessageBox.Show("Record Saved successfully");
         conn.Close();
    }
    catch (Exception ex) // catch block was omitted from the post; a try without catch or finally does not compile
    {
        MessageBox.Show(ex.Message);
    }
}

There are 3 answers

Ibrahem Uwk On

You should change it like this:

if (txt_password.Text == txt_cnfpw.Text)
{
    MessageBox.Show(query);
    command.CommandText = query;
    command.ExecuteNonQuery();
    MessageBox.Show("Record Saved successfully");
}
Sukanya Bhavanibatla On

In both the success and failure cases you are attempting to commit the transaction. Save statements should only be executed if the password is matching. Move the save statements inside the success block as follows.

if (txt_password.Text == txt_cnfpw.Text)
{
    MessageBox.Show(query);
    command.CommandText = query;
    command.ExecuteNonQuery();
    MessageBox.Show("Record Saved successfully");
}  
else
{
    MessageBox.Show("Password confirm password are not matching");
    txt_cnfpw.Focus();
}
sujith karivelil On

You have to make a lot of corrections to make this work properly, such as the following:

  • Make use of parameterized queries instead of concatenated queries to avoid injection
  • Process the insert only after client-side validations (empty check, password match, etc.)
  • Make use of using for managing connections and commands

I have added an example below; please have a look.

try
{
    string query = "INSERT INTO Users (username,newpassword)values(@username,@newpassword)";
    bool CanInsertNewUser = true;
    if (txt_newusr.Text=="" || txt_password.Text == "" || txt_cnfpw.Text == "")
    {
        CanInsertNewUser = false;
        MessageBox.Show("Please enter values");
    }
    if (txt_password.Text != txt_cnfpw.Text)
    {
        CanInsertNewUser = false;
        MessageBox.Show("Password confirm password are not matching");
        txt_cnfpw.Focus();
    }
    if (CanInsertNewUser)
    {
        using (OleDbConnection conn = new OleDbConnection("GiveYourConnectionStringHere"))
        {
            using (OleDbCommand command = new OleDbCommand())
            {
                conn.Open();
                command.Connection = conn;
                command.CommandText = query;
                command.Parameters.Add("@username", OleDbType.VarChar).Value = txt_newusr.Text;
                command.Parameters.Add("@newpassword", OleDbType.VarChar).Value = txt_password.Text;
                command.ExecuteNonQuery();
            }
        }
        MessageBox.Show("Success");
    }

}
catch (Exception ex)
{
    MessageBox.Show("OLEDB issues : " + ex.Message.ToString());
}
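The three answers above share one point: validation and persistence must be separated so the INSERT can only run after every check has passed, and the values must be bound as parameters rather than concatenated into the SQL. The following is an added example, not code from any of the answers, that takes this one step further by putting the validation and the database write into methods that return results instead of showing MessageBoxes, which makes them testable without a form. It also hashes the password with PBKDF2 before it is stored; the code on this page stores it as plain text. The table and column names (Users, username, newpassword) and the text box names come from the question; the connection string, the parameter sizes, the hash storage format and the class names are assumptions.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Cryptography;
using System.Windows.Forms;

public enum RegistrationStatus { Ok, MissingValues, PasswordMismatch }

public static class Registration
{
    // Pure validation: no UI and no database, so it can be unit-tested on its own.
    public static RegistrationStatus Validate(string username, string password, string confirm)
    {
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password) || string.IsNullOrEmpty(confirm))
            return RegistrationStatus.MissingValues;
        if (!string.Equals(password, confirm, StringComparison.Ordinal))
            return RegistrationStatus.PasswordMismatch;
        return RegistrationStatus.Ok;
    }

    // PBKDF2-HMAC-SHA256 with a random 16-byte salt.
    // Stored as "iterations.salt.hash" (assumed format, not from the page).
    public static string HashPassword(string password, int iterations = 100000)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            byte[] hash = kdf.GetBytes(32);
            return iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(hash);
        }
    }

    // Persistence only; the caller must have validated first.
    // OleDb binds parameters by position, so they are added in placeholder order.
    public static int InsertUser(string connectionString, string username, string passwordHash)
    {
        const string query = "INSERT INTO Users (username, newpassword) VALUES (?, ?)";
        using (var conn = new OleDbConnection(connectionString))
        using (var command = new OleDbCommand(query, conn))
        {
            command.Parameters.Add("@username", OleDbType.VarChar, 64).Value = username;
            command.Parameters.Add("@newpassword", OleDbType.VarChar, 255).Value = passwordHash;
            conn.Open();
            return command.ExecuteNonQuery(); // number of rows inserted (1 on success)
        }
    }
}

// The button handler becomes a thin wrapper: validate, report, and insert only on Ok.
public class RegisterForm : Form
{
    private const string ConnectionString = "GiveYourConnectionStringHere"; // placeholder, as in the answer above
    private readonly TextBox txt_newusr = new TextBox();
    private readonly TextBox txt_password = new TextBox();
    private readonly TextBox txt_cnfpw = new TextBox();

    private void btn_save_Click(object sender, EventArgs e)
    {
        switch (Registration.Validate(txt_newusr.Text, txt_password.Text, txt_cnfpw.Text))
        {
            case RegistrationStatus.MissingValues:
                MessageBox.Show("Please enter values");
                return;
            case RegistrationStatus.PasswordMismatch:
                MessageBox.Show("Password and confirm password do not match");
                txt_cnfpw.Focus();
                return;
        }
        try
        {
            Registration.InsertUser(ConnectionString, txt_newusr.Text, Registration.HashPassword(txt_password.Text));
            MessageBox.Show("Record saved successfully");
        }
        catch (OleDbException ex)
        {
            // The query text and raw values are no longer shown to the user, unlike the original MessageBox.Show(query).
            MessageBox.Show("Could not save the user: " + ex.Message);
        }
    }
}
```

Because Validate returns a status instead of showing a dialog, the early returns in the handler are the only path that skips the INSERT, which is exactly the fall-through the question's code was missing; and because the SQL contains only ? placeholders, the text box contents can never alter the statement regardless of what characters they hold.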