Comparing two rows in the same table in sql servertry{ using (SqlConnectio

1. Comparing two rows in the same table in sql server
2. try
3. {
4. using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["STRING"].ConnectionString))
5. {
6. using (SqlCommand cmd = new SqlCommand("dbo.Res_User", con))
7. {
8. cmd.CommandText = "INSERT INTO Res_User(username, password, key_pin) SELECT '" + username + "' , dbo.fnEncDecRc4('" + pin + "','" + password + "'), '" + pin + "'";
9. con.Open();
10. cmd.ExecuteNonQuery();
11.  
12. MessageBox.Show("Added", "Information", MessageBoxButtons.OK);
13.  
14. cmd.CommandText = "SELECT password FROM Res_User WHERE username = @username";
15. cmd.Parameters.AddWithValue("@username", username);
16. cmd.ExecuteNonQuery();
17.  
18. using (SqlDataReader reader = cmd.ExecuteReader())
19. {
20. if (reader.HasRows)
21. {
22. while (reader.Read())
23. {
24. MessageBox.Show(reader["password"].ToString(), "Information", MessageBoxButtons.OK);
25. }
26. }
27. }
28.  
29. try
30. {
31. using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["STRING"].ConnectionString))
32. {
33. using (SqlCommand cmd = new SqlCommand("dbo.Res_User", con))
34. {
35. cmd.CommandText = "INSERT INTO Res_User(username, password, key_pin) SELECT '" + username + "' , dbo.fnEncDecRc4('" + pin + "','" + password + "'), '" + pin + "'";
36. con.Open();
37. cmd.ExecuteNonQuery();
38.  
39. MessageBox.Show("Added", "Information", MessageBoxButtons.OK);
40.  
41. cmd.CommandText = "SELECT password FROM Res_User WHERE username = @username AND key_pin = @pin AND password = dbo.fnEncDecRc4(@pin, @password)";
42. cmd.Parameters.AddWithValue("@username", username);
43. cmd.Parameters.AddWithValue("@pin", pin);
44. cmd.Parameters.AddWithValue("@password", password);
45. cmd.ExecuteNonQuery();
46.  
47. using (SqlDataReader reader = cmd.ExecuteReader())
48. {
49. if (reader.HasRows)
50. {
51. //successfully validated.
52. }
53. }