I'm doing a login page for a win application not a web application(first time). What am i doing wrong, the error i get
"Line 1: incorrect syntax near ' = ' " after executing this line:
SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.CloseConnection);
Here's my code:
public
bool validate(string user, string pword)
{
string strConn = "Data source=datasource; initial catalog=sds; uid=id; password=pw; integrated security=";
SqlConnection conn = new SqlConnection(strConn);
string query = "Select Username, Password from SysUser WHERE Username = @user & Password = @pword";
SqlCommand cmd = new SqlCommand();
cmd.CommandText = query;
cmd.Connection = conn;
SqlParameter objParam1, objParam2;
objParam1 = cmd.Parameters.Add(
"@user", SqlDbType.VarChar);
objParam2 = cmd.Parameters.Add(
"@pword", SqlDbType.VarChar);
objParam1.Direction =
ParameterDirection.Input;
objParam2.Direction =
ParameterDirection.Input;
objParam1.Value = txtUsername.Text;
objParam2.Value = txtPassword.Text;
try
{
if (conn.State == ConnectionState.Closed)
{
conn.Open();
}
SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.CloseConnection);
while (reader.Read())
{
if ((int)reader.GetValue(0) == 1)
{
return true;
}
else
{
return false;
}
}
}
catch (Exception exp)
{
MessageBox.Show("something's wrong bcoz " + exp.Message);
}
return false;
}