I get an invalid column name exception of "False" in the statement
reader = cmd.ExecuteReader(CommandBehavior.SingleRow);
I understand that this may have something to do with the Boolean type of SQL being a “bit” and not converting falseto 0. How do you mitigate this, or is this a problem here?
public override bool ValidateUser(string username, string password)
{
bool isValid = false;
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand cmd = new SqlCommand("SELECT Password, IsApproved FROM Users" +
" WHERE Email = @Email AND ApplicationName = @ApplicationName AND IsLockedOut = False", conn);
cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 128).Value = username;
cmd.Parameters.Add("@ApplicationName", SqlDbType.NVarChar, 255).Value = m_ApplicationName;
SqlDataReader reader = null;
bool isApproved = true;
string pwd = "";
try
{
conn.Open();
reader = cmd.ExecuteReader(CommandBehavior.SingleRow);
if (reader.HasRows)
{
reader.Read();
pwd = reader.GetString(0);
isApproved = reader.GetBoolean(1);
}
else
{
return false;
}
reader.Close();
if (CheckPassword(password, pwd))
{
if (isApproved)
{
isValid = true;
SqlCommand updateCmd = new SqlCommand("UPDATE Users SET LastLoginDate = @LastLoginDate" +
" WHERE Email = @Email AND ApplicationName = @ApplicationName", conn);
updateCmd.Parameters.Add("@LastLoginDate", SqlDbType.DateTime).Value = DateTime.Now;
updateCmd.Parameters.Add("@Email", SqlDbType.NVarChar, 255).Value = username;
updateCmd.Parameters.Add("@ApplicationName", SqlDbType.NVarChar, 255).Value = m_ApplicationName;
updateCmd.ExecuteNonQuery();
}
}
else
{
conn.Close();
UpdateFailureCount(username, "password");
}
}
source
share