grant access ...

I have created a table with ..

username, password, grant

username and password are nvarchar

grant is a bit

I want to check the availability of the username and password and then check if it is granted to access or not ..

so I made a selection query for getting the grant when username ==x and password = y

x=data come from another page

y=data come from another page

then put the selected grant or deny ( true or false) in a data set ..

and then check if it is grant ( true) to complete what I want >>>

else ( deny ...( false )) to return a reponse of deny username or password...

but everytime the dataset is empty ..

this is my code ...

sqlConnection1.Open();SqlDataAdapter da=new SqlDataAdapter("select grant_deny from users where username='"+Request.QueryString["username"]+"' and password='"+Request.QueryString["password"]+"'",sqlConnection1);da.Fill(ds,"users");sqlConnection1.Close()if (ds.Tables[0].Rows[0]["grant_deny"].ToString()=="true"){ . . . . }else { Response.write("error"); }

what is wrong ..??

and if there is anyone has another solution for what I want .. I appriciate any sample code,...

thanks in advance..

Hi,

Make sure you are providing the correct username and password in your sql query. Also, QueryStrings are not safe to pass sensitive informations like passwords.

Regards