I am doing a project where I need to make a VLE system for a school website. I am using visual web developer 2008, C# and a SQL database. What I need to do is when a student logs in using their username and password they should have their specific information displayed from the database (like what course name, student ID, Email and name etc from the SQL) I have created the login page:
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionString"].ConnectionString);
con.Open();
string cmdStr = "select count (*) from Registration where UserName ='" + TextBox1.Text + "'";
SqlCommand checkuser = new SqlCommand(cmdStr, con);
int temp = Convert.ToInt32(checkuser.ExecuteScalar().ToString());
if (temp == 1)
{
String cmdStr2 = "select password from Registration where UserName ='" + TextBox1.Text + "'";
SqlCommand pass = new SqlCommand(cmdStr2, con);
String password = pass.ExecuteScalar().ToString();
con.Close();
if (password == TextBox2.Text)
{
Session["New"] = TextBox1.Text;
Response.Redirect("secure.aspx");
}
else
{
Label1.Visible = true;
Label1.Text = "Invalid Password....!!!";
}
}
else
{
Label1.Visible = true;
Label1.Text = "Invalid UserName....!!!";
}
}
when you get the user name then you can go for dataset to retrieve all the details about that user and show it in secure.aspx accordingly.
advice: dont use sql query directly(vulnerable to sql injections) , you should use stored proc.. and also dont store password in a plain text. why are you retrieving data twice for same datas.