handling sql exception

[jwrz200t]

Iam trying to give access to users who are in a database table the code is working fine if i type in the right username and password. But when i type incorrect username or password iam getting an error: index out of range exception was not handled by user code. There is no row at position 0.Blow is the code which iam using for authentication and iam using OLEDB connection.


sql query = new sql();
DataTable dt = query.queryDbReturnDt("SELECT PER_ID,VARIABLE_NAME,VARIABLE_VALUE FROM LOGIN WHERE (PER_ID='" + id + "') AND (VARIABLE_NAME='PASS')AND (VARIABLE_VALUE = '" + password + "')", ref lblerror);

if (id == dt.Rows[0]["PER_ID"].ToString() && password == dt.Rows[0]["VARIABLE_VALUE"].ToString()))
{
FormsAuthentication.SetAuthCookie(id, false);
Response.Redirect(@"~/temp.aspx");
}

What should i do now??

 

[jbenson001]

First, change the code to use a stored procedure with parameters to avoid sql injection attacks.

Then check the rowcount of the datatable, if the count = 1 ( I assume only 1 row should be returned), then do your next if block.

Lastly, put your query code in a Try..Catch stament to handle any errors(particularly a sqlexception)

Jim