private void Btn_back_Click(object sender, EventArgs e) { Hide(); Form backToTodo = new todo_frm(user_id); backToTodo.Show(); }
private void btn_login_Click(object sender, EventArgs e) { //validation TextBox[] inputs = { txt_email, txt_pw }; if (!Validation.IsNotEmpty(inputs)) { } else { try { //query //string query = "SELECT * FROM users WHERE email = '" + txt_email.Text + "' AND password = '******' "; string query = "SELECT * FROM users WHERE email = @email AND password = @password"; // instiantiate db connection MySqlConnection conn = new MySqlConnection(connection_string); // will use to prepare the query MySqlCommand cmd = new MySqlCommand(query, conn); //sanitize strings cmd.Parameters.AddWithValue("@email", txt_email.Text); cmd.Parameters.AddWithValue("@password", txt_pw.Text); // open the connection conn.Open(); MySqlDataReader dr = cmd.ExecuteReader(); //check if there is a result if (dr.Read()) { string user_id = dr[0].ToString(); MessageBox.Show("You are now logged in", "Message Info", MessageBoxButtons.OK, MessageBoxIcon.Information); //close the login form and open the new form after logging in... Hide(); //show the index form Form todo = new todo_frm(user_id); todo.Show(); dr.Close(); } else { dr.Close(); MessageBox.Show("Invalid Email/Password", "Message Info", MessageBoxButtons.OK, MessageBoxIcon.Error); } conn.Close(); } catch (Exception ex) { MessageBox.Show(ex.Message, "Message Info", MessageBoxButtons.OK, MessageBoxIcon.Error); } } }