vj5 Posted December 12, 2007 Share Posted December 12, 2007 I have a login page which has username and password. I have a database table with username and password stored. Now i want to check if the user exists in the database and if the username and password exists, then redirect them to another page called userpage.aspx. how do I do that in asp.net. here is my code: protected void Page_Load(object sender, EventArgs e) { }protected void Button1_Click(object sender, EventArgs e) { SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true"); con.Open(); Sqlcommand cmd = new SqlCommand("Select * from userinfo where name = txtusername and password = txtuserpassword", con); DataSet ds = new DataSet(); SqlDataAdapter da = new SqlDataAdapter(cmd); da.Fill(ds, "Userinfo"); //txtusername is the field id for the textbox... txtusername.datasource = ds; txtusername.databind(); txtuserpassword.datasource = ds; txtuserpassword.databind(); //Name is the column name in the database table if (txtusername.text = "name") then; Response.Redirect("userpage.aspx"); Endif; } } Link to comment Share on other sites More sharing options...
aspnetguy Posted December 13, 2007 Share Posted December 13, 2007 try something like this protected void Button1_Click(object sender, EventArgs e) { SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true"); con.Open(); string username = txtUserName.Text; //or whatever your field name is string password = txtPassword.Text; bool isMatch = false; //I would recommend using a Regular Expression here to remove any non-alphanumeric //characters from the username to prevent SQL injection Sqlcommand cmd = new SqlCommand(string.Format("select * from userinfo where name='{0}'", username), con); SqlDataReader dr = cmd.ExecuteReader(); while(dr.Read()) { if(dr["password"].ToString() == password) { isMatch = true; } } dr.Close(); con.Close(); //you should use try catch finally block to handle errors if(isMatch) { Response.Redirect("YourPage.aspx"); } else { Response.Write("Incorrect username or password!"); }} Link to comment Share on other sites More sharing options...
vj5 Posted December 13, 2007 Author Share Posted December 13, 2007 try something like thisprotected void Button1_Click(object sender, EventArgs e) { SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true"); con.Open(); string username = txtUserName.Text; //or whatever your field name is string password = txtPassword.Text; bool isMatch = false; //I would recommend using a Regular Expression here to remove any non-alphanumeric //characters from the username to prevent SQL injection [b]Sqlcommand cmd = new SqlCommand(string.Format("select * from userinfo where name='{0}'", username), con);[/b] SqlDataReader dr = cmd.ExecuteReader(); while(dr.Read()) { if(dr["password"].ToString() == password) { isMatch = true; } } dr.Close(); con.Close(); //you should use try catch finally block to handle errors if(isMatch) { Response.Redirect("YourPage.aspx"); } else { Response.Write("Incorrect username or password!"); }} What does the name = {0} do? What does the 0 stands for? Could you please explain? Thanks. Link to comment Share on other sites More sharing options...
aspnetguy Posted December 13, 2007 Share Posted December 13, 2007 it is used in the string.Format function you can use {0} {1} {2} etc to represent where you want a value to be placed. you then place the real values after the string seperated by commasHere is a simple example string level = "simple";string example = string.Format("This is a {0} example of how to use string.Format()", level); It is the same as doing the following except, IMO, nicer looking string level = "simple";string example = "This is a " + level + " example of how to use string.Format()"; Link to comment Share on other sites More sharing options...
vj5 Posted December 13, 2007 Author Share Posted December 13, 2007 It is still not working. It is not going to the userpage.aspx page. I dont know if it is checking the username and password. Link to comment Share on other sites More sharing options...
aspnetguy Posted December 14, 2007 Share Posted December 14, 2007 please post your full code and a simple layout of your database table. It is hard to guess what is going on from the limited information you have given Link to comment Share on other sites More sharing options...
vj5 Posted December 14, 2007 Author Share Posted December 14, 2007 please post your full code and a simple layout of your database table. It is hard to guess what is going on from the limited information you have givenHere is my code:SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true"); con.Open(); string username = txtusername.text; string password = txtuserpassword.text; Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='{0}'", username, con);SqlDataReader dr = cmd.ExecuteReader(); while(dr.Read()) { if(dr["password"].ToString() == password) { isMatch = true; } } dr.Close(); con.Close(); //you should use try catch finally block to handle errors if(isMatch) { Response.Redirect("userpage.aspx"); } else { Response.Write("Incorrect username or password!"); }} Back end is sql server 2005. Table is called userinfo. I have id, email, name, state, password fields in the database. name is the txtusername field and password is txtuserpassword. Based on the username and password, I want to check if the txtusername and txtuserpassword exist in database and redirect to userpage.aspx which shows all the other info from the database. Link to comment Share on other sites More sharing options...
aspnetguy Posted December 14, 2007 Share Posted December 14, 2007 your SqlCommand is wrong it should be Sqlcommand cmd = new SqlCommand(string.Format("Select * from userinfo where name='{0}'", username), con); or Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='" + username + "'", con); Link to comment Share on other sites More sharing options...
vj5 Posted December 14, 2007 Author Share Posted December 14, 2007 your SqlCommand is wrong it should beSqlcommand cmd = new SqlCommand(string.Format("Select * from userinfo where name='{0}'", username), con); or Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='" + username + "'", con); I tried both the statements one after other, but still it isn't working. The page is not going to the userpage. Moreover, I don't know if it is connecting to the database. Is there a way to debug line by line in .net. I tried response.write cmd, it didn't work. Link to comment Share on other sites More sharing options...
aspnetguy Posted December 14, 2007 Share Posted December 14, 2007 post your full code. Do you have a demo you can provide a link to?Is anything being displayed to the screen when you hit the button? Link to comment Share on other sites More sharing options...
vj5 Posted December 14, 2007 Author Share Posted December 14, 2007 post your full code. Do you have a demo you can provide a link to?Is anything being displayed to the screen when you hit the button? { SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true"); con.Open(); string username = txtusername.text; string password = txtuserpassword.text; Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='" + username + "'", con); //Sqlcommand cmd = new SqlCommand(string.Format("Select * from userinfo where name='{0}'", username), con); SqlDataReader dr = cmd.ExecuteReader(); while(dr.Read()) { if(dr["password"].ToString() == password) { isMatch = true; } } dr.Close(); con.Close(); Response.Write("cmd"); if(isMatch) { Response.Redirect("userpage.aspx"); } else { Response.Write("Incorrect username or password!"); }} When I type in username and password, the page still stays with login.aspx and the username is displayed without the password. It is not showing the response.write message(Incorrect username or password). Sorry I dont have a demo to show you. Link to comment Share on other sites More sharing options...
vj5 Posted December 15, 2007 Author Share Posted December 15, 2007 This is the structure of the page. I created a masterpage , added layout, table etc. Created login. aspx page and nested with the master page. Created userpage.aspx page and nested with the master page. Is it because of that it is not working. can someone please help? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.