Compare results from SQL to textbox?

I am trying to make a user authentication system which pulls data from a SQL table (that has columns "UserID" and "PIN" in it).

How can I check to see what the user entered into the "UserID" and "PIN" textbox's on the page and compare those entries to the database to see if they match up? I have been able to make the below code to do the query itself, but I don't know how to check back and see if it actually returned a match or not.

Function CheckLogin(ByVal userID As String, ByVal pIN As String) As System.Data.DataSet
 Dim connectionString As String = "server='(local)'; trusted_connection=true; database='test'"
 Dim dbConnection As System.Data.IDbConnection = New System.Data.SqlClient.SqlConnection(connectionString)
 Dim queryString As String = "SELECT [UserAuth].[UserID], [UserAuth].[PIN] FROM [UserAuth] WHERE (([UserAuth].["& _
"UserID] like @.UserID) AND ([UserAuth].[PIN] like @.PIN))"
 Dim dbCommand As System.Data.IDbCommand = New System.Data.SqlClient.SqlCommand
 dbCommand.CommandText = queryString
 dbCommand.Connection = dbConnection
 Dim dbParam_userID As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter
 dbParam_userID.ParameterName = "@.UserID"
 dbParam_userID.Value = userID
 dbParam_userID.DbType = System.Data.DbType.String
 dbCommand.Parameters.Add(dbParam_userID)
 Dim dbParam_pIN As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter
 dbParam_pIN.ParameterName = "@.PIN"
 dbParam_pIN.Value = pIN
 dbParam_pIN.DbType = System.Data.DbType.String
 dbCommand.Parameters.Add(dbParam_pIN)
 Dim dataAdapter As System.Data.IDbDataAdapter = New System.Data.SqlClient.SqlDataAdapter
 dataAdapter.SelectCommand = dbCommand
 Dim dataSet As System.Data.DataSet = New System.Data.DataSet
 dataAdapter.Fill(blah)
 Return dataSet
End Function

First, don't use "like". Next, you can check dataSet.Tables[0].Rows[0].Count and if it is non-zero, there is a match.

You might want to look at using a query that returns the Count, and then just call ExecuteScaler() on the command rather than doing what you are doing.

Another thought: rather than storing the PID in clear text, excrypt it, or better yet, use a one-way hash.|||Well I just switched from using the free development tool on www.asp.net to ASP.NET included with Visual Studio and now I'm totally confused. Does anyone have any code snippets to do anything remotely close to this that I could use as an example? I'm so lost.|||This article will show you most of what you need to know.