How to put condition equal to two strings

Question

I am working on an ATM college project.

When a user enters his password in a textbox, the password is saved in the database.

I want to compare the password entered in a textbox with the password saved in database. I am getting the password from database but cannot put an equal statement.

The code is as follows:

SqlDataReader rdr = cmd.ExecuteReader();
if (rdr.Read())
{
    string cus_pin = rdr["pin"].ToString();
    string cus_pin_byuser = textBox1.ToString();

    if (string.Equals(cus_pin, cus_pin_byuser) == true)
    {
        cust_main cm = new cust_main();
        cm.label1.Text = label7.Text;
        cm.label2.Text = label6.Text;
        cm.label4.Text = label8.Text;

        CodeVer codeVer = new CodeVer();

        codeVer.getUserAccountNumber(name);
        codeVer.Show();

        this.Close();
    }
    else
    {
        MessageBox.Show("Invalid Pin");
    }
}

Answer 1

I think you might be applying .ToString() on the textBox object. I suppose you want to use textBox1.Text.

So the code would become:

...
string cus_pin = rdr["pin"].ToString()
string cus_pin_byuser = textBox1.Text; 

if (cus_pin == cus_pin_byuser)
...

Also, please note that it is really insecure to store the user's password as plain text. Please store it's hashed version. I really recommend reading on the OWASP's password storage cheat sheet.