Log In problem
-
Hi! I have a little problem. My problem is: I have two user. If first user Enter Own LogIn & password. It goes to another page i.e. "first.aspx". If second user Enter Own LogIn & password. It goes to another page i.e. "second page.aspx. My login page is common for both user. I have use this code but it goes only one page. Actually I don't know what can I do. Please solve my problem.
protected void Button1_Click(object sender, EventArgs e)
{
string name = TextBox1.Text;
string password = TextBox2.Text;
string str = " select * from login where user_name ='"+name+"' and password ='"+password+"'";
SqlDataAdapter da= new SqlDataAdapter(str,con);
da.Fill(ds,"a");if ((ds.Tables\[0\].Rows.Count) == 0) { Label1.Text = "User Does not Exist"; } else { Response.Redirect("first.aspx"); }thanx in advance
-
Hi! I have a little problem. My problem is: I have two user. If first user Enter Own LogIn & password. It goes to another page i.e. "first.aspx". If second user Enter Own LogIn & password. It goes to another page i.e. "second page.aspx. My login page is common for both user. I have use this code but it goes only one page. Actually I don't know what can I do. Please solve my problem.
protected void Button1_Click(object sender, EventArgs e)
{
string name = TextBox1.Text;
string password = TextBox2.Text;
string str = " select * from login where user_name ='"+name+"' and password ='"+password+"'";
SqlDataAdapter da= new SqlDataAdapter(str,con);
da.Fill(ds,"a");if ((ds.Tables\[0\].Rows.Count) == 0) { Label1.Text = "User Does not Exist"; } else { Response.Redirect("first.aspx"); }thanx in advance
else
{
if(firstUser)
Response.Redirect("first.aspx");
else if(secondUser)
Response.Redirect("second.aspx");
}ahmad25 wrote:
string str = " select * from login where user_name ='"+name+"' and password ='"+password+"'";
Read about Sql Injection attacks and change this query to parameterized.
Navaneeth How to use google | Ask smart questions
-
Hi! I have a little problem. My problem is: I have two user. If first user Enter Own LogIn & password. It goes to another page i.e. "first.aspx". If second user Enter Own LogIn & password. It goes to another page i.e. "second page.aspx. My login page is common for both user. I have use this code but it goes only one page. Actually I don't know what can I do. Please solve my problem.
protected void Button1_Click(object sender, EventArgs e)
{
string name = TextBox1.Text;
string password = TextBox2.Text;
string str = " select * from login where user_name ='"+name+"' and password ='"+password+"'";
SqlDataAdapter da= new SqlDataAdapter(str,con);
da.Fill(ds,"a");if ((ds.Tables\[0\].Rows.Count) == 0) { Label1.Text = "User Does not Exist"; } else { Response.Redirect("first.aspx"); }thanx in advance
ahmad25 wrote:
string str = " select * from login where user_name ='"+name+"' and password ='"+password+"'";
What ever the Navaneeth , suggested is 100% correct. Please be care of S
QL Injection. Never use SQL query in this way. Always create stored procedure, execute stored procedure form code .cheers, Abhijit
-
ahmad25 wrote:
string str = " select * from login where user_name ='"+name+"' and password ='"+password+"'";
What ever the Navaneeth , suggested is 100% correct. Please be care of S
QL Injection. Never use SQL query in this way. Always create stored procedure, execute stored procedure form code .cheers, Abhijit
Abhijit Jana wrote:
Always create stored procedure, execute stored procedure form code .
That depends. To avoid SQL Injection, you only need parameterized queries. Stored procedures are not must. And I personally don't like writing SP's for every query what I write. This[^] is an interesting read.
Navaneeth How to use google | Ask smart questions
-
Abhijit Jana wrote:
Always create stored procedure, execute stored procedure form code .
That depends. To avoid SQL Injection, you only need parameterized queries. Stored procedures are not must. And I personally don't like writing SP's for every query what I write. This[^] is an interesting read.
Navaneeth How to use google | Ask smart questions
N a v a n e e t h wrote:
you only need parameterized queries.
Yaa.. I also do some times for my own code and utility , but some times may not in live project , cause its not in my hand to decides. But now I have some points.... Thanks for the links !!! BTW : Now your are another coming Fixture in CP ;) . All The Best for Future and Thanks for your Efforts !!!
cheers, Abhijit
-
N a v a n e e t h wrote:
you only need parameterized queries.
Yaa.. I also do some times for my own code and utility , but some times may not in live project , cause its not in my hand to decides. But now I have some points.... Thanks for the links !!! BTW : Now your are another coming Fixture in CP ;) . All The Best for Future and Thanks for your Efforts !!!
cheers, Abhijit
Thanks. I appreciate it :)
Navaneeth How to use google | Ask smart questions
-
else
{
if(firstUser)
Response.Redirect("first.aspx");
else if(secondUser)
Response.Redirect("second.aspx");
}ahmad25 wrote:
string str = " select * from login where user_name ='"+name+"' and password ='"+password+"'";
Read about Sql Injection attacks and change this query to parameterized.
Navaneeth How to use google | Ask smart questions
Thanx for your kind attention. But I couldn't understand what am i write in place of <pre>firstuser from if(firstuser).</pre> If possible please tell me. in my login database I stored two user. Details below : <u>User_name</u> <u> password</u> amit kumar vijay anand
-
Thanx for your kind attention. But I couldn't understand what am i write in place of <pre>firstuser from if(firstuser).</pre> If possible please tell me. in my login database I stored two user. Details below : <u>User_name</u> <u> password</u> amit kumar vijay anand
ahmad25 wrote:
But I couldn't understand what am i write in place of
Why not ? Navaneeth, has completely written the code for you.
cheers, Abhijit
-
ahmad25 wrote:
But I couldn't understand what am i write in place of
Why not ? Navaneeth, has completely written the code for you.
cheers, Abhijit
hi!sir but when i write firstuser.it gives error. because my first user id is 'arun' & password is 'kumar'and second user user id is 'vijay' and password is 'raj'