I am trying to validate user input from a form against the results of a dataset from my database. I do not know if I am implementing the logic or the attempt at the foreach loop (I kinda just made it up based on logic). I am trying to assign the indices of the datatable (created off the dataset) to variables, and then check if they match user input. Is this a decent way to do this? Is it possible? How can I make this work?

I get an error from code I thought I was correctly implementing that you can find in the comments of the code.

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        //creates a connection for a data set to fill emails and passwords for validation
        string ConnectionString = ConfigurationManager.ConnectionStrings["ContourCoffeeRoastersConnectionString"].ConnectionString;
        SqlConnection Conn = new SqlConnection(ConnectionString);
        Conn.Open();

        //creates a data set with database information and puts the dataset in a datatable
        SqlDataAdapter daCustomer = new SqlDataAdapter("Select (CustEmail, CustPW) From Customer", Conn);
        DataSet dsEmailsandPW = new DataSet("Emails");
        daCustomer.Fill(dsEmailsandPW, "Customers");//I get an error here in my stack trace
        DataTable tblCustomers;
        tblCustomers = dsEmailsandPW.Tables["Customers"];

        //sets the variables to user-inputted data from the login form so it can be compared and validated against the dataset
        string custEmail = exampleInputEmail1.Text;
        string custPW = exampleInputPassword1.Text;

        //looks through each row of the data set to see if a matching email can be found
        foreach (DataRow drCurrent in tblCustomers.Rows)
        {
            string txtEmail = drCurrent[0].ToString();//sets a variable to the first index of the current row of the dataset
            if (txtEmail == custEmail)//if a match is found between the user input and a record in the data set, the password is then checked for validation
            {
                string txtPW = drCurrent[1].ToString();//assigns a variable to the second index of the row, which should contain the customer password
                if (txtPW == custPW)//if the password is a match
                {
                    lblLogin.Text = "You are logged in!";
                    //TODO: query for cartID and set it to the cookie!!!!!
                }
                else
                {
                    lblLogin.Text = "Email/username combination is not correct";
                }
            }
            else
            {
                lblLogin.Text = "Email/username combination is not correct";
            }
        }
    }

1 Answers

I would recommend sending a query

    "SELECT CustEmail FROM Customer where CustPW =" + custPw;

And evaluate it as a boolean value. If it comes back true, you have a valid login. If it comes back false, you have an invalid login.

You can also do something like

    "SELECT CustEmail FROM Customer where CustPW =" + sha1(custPw);

If the passwords are encrypted, you can encrypt their attempted login password and check it against the DB's encrypted password.

EDIT: I'd also recommend storing your queries as stored procedures and just providing the variable data.