asp.net login web page using sql server - asp.net

I am stuck on my login page. My button click event is as follows:
protected void Button1_Click(object sender, EventArgs e)
{
    string cs = "Data Source=ims-aab46237892;Initial Catalog=Inventory;Integrated Security=True";
    // "user" is left unbracketed here: this is the statement that raises the error described below
    string SelectString = "SELECT COUNT(*) FROM user WHERE username = @Username AND password = @Password";
    SqlConnection con = new SqlConnection(cs);
    SqlCommand cmd = new SqlCommand(SelectString, con);
    cmd.CommandType = CommandType.Text;
    SqlParameter username = new SqlParameter("@Username", SqlDbType.VarChar, 50);
    username.Value = TextName.Text.Trim();
    cmd.Parameters.Add(username);
    SqlParameter password = new SqlParameter("@Password", SqlDbType.VarChar, 50);
    password.Value = TextPass.Text.Trim();
    cmd.Parameters.Add(password);
    con.Open();
    // COUNT(*) always returns a value, so test the count itself instead of comparing to null
    bool found = (int)cmd.ExecuteScalar() > 0;
    con.Close();
    if (found)
        Response.Redirect("Home.aspx");
    else
        Response.Redirect("wrongpasspage.aspx");
}
My data table has the required username and password fields. The error I am getting is: incorrect syntax near keyword user. Please help.

user is a reserved keyword in SQL Server. Try [user] or rename your table to Users.

Use [user] instead of user in the SelectString statement.

Related

I try to update name record but I can't

protected void submit_Click(object sender, EventArgs e)
{
    Label2.Text = Session["id"].ToString();
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnString"].ConnectionString);
    SqlCommand cmd = con.CreateCommand();
    con.Open();
    string UpdateQuery = "Update register set name='" + name.Text + "'where email='" + Session["id"] + "'";
    SqlCommand cmd3 = new SqlCommand(UpdateQuery, con);
    cmd3.CommandType = CommandType.Text;
    con.Close();
}
}
I want to update name record using session for user profile in asp.net.
Try like this:
using (SqlConnection conn =
    new SqlConnection(ConfigurationManager.ConnectionStrings["ConnString"].ToString()))
{
    string strSQL = "UPDATE register set [name] = @name " +
                    "WHERE email = @email";
    using (SqlCommand cmd = new SqlCommand(strSQL, conn))
    {
        cmd.Parameters.Add("@name", SqlDbType.NVarChar).Value = name.Text;
        cmd.Parameters.Add("@email", SqlDbType.NVarChar).Value = Session["id"].ToString();
        conn.Open();
        cmd.ExecuteNonQuery();
    }
}
The above will dispose/close the connection for you. And this will even close the connection if you have some error in the code.
The above also removes the messy "'" and concatenation in your code (easy to read and maintain). And by using parameters the code is also safe from injection.
hence:

Using stored procedure to login Asp.net

I'm using asp.net to create a login page; in debugging I see the correct inputted data but I keep getting the error message Invalid Username or Password even when it is valid. I have also executed the stored procedure with values and it shows the correct result. I'm not sure what is happening.
protected void login_Click(object sender, EventArgs e)
{
    String username = txtUserName.Text.ToString();
    String password = txtPassword.Text;
    string con = ConfigurationManager.ConnectionStrings["LoginConnectionString"].ToString();
    SqlConnection connection = new SqlConnection(con);
    connection.Open();
    string passwords = encryption(password);
    SqlCommand cmd1 = new SqlCommand("spLogin", connection);
    cmd1.CommandType = CommandType.StoredProcedure;
    cmd1.Parameters.AddWithValue("@UserName", username);
    cmd1.Parameters.AddWithValue("@password", passwords);
    SqlDataReader sqldr = cmd1.ExecuteReader();
    if (sqldr.Read())
    {
        Session["UserName"] = username.ToUpper();
        Response.Redirect("~/Home/Welcome.aspx");
    }
    else
    {
        lblError.Text = "Invalid Username or Password";
    }
    connection.Close();
    sqldr.Close();
}
StoredProcedure
    select * from Users u where UserName=@UserName and password=@password

Table expects a parameter which already exists

ALTER PROCEDURE tableuser
    -- Add the parameters for the stored procedure here
    @userName varchar(50)
AS
IF EXISTS(SELECT 'True' FROM tbl_user WHERE userName = @userName)
BEGIN
    --This means it exists, return it to ASP and tell us
    SELECT 'This record already exists!'
END
ELSE
BEGIN
    --This means the record isn't in there already, let's go ahead and add it
    SELECT 'Record Added'
    INSERT into tbl_user(userName) VALUES(@username)
END
This is my code in sql server management studio and below is the C# code:
protected void Button1_Click(object sender, EventArgs e)
{
    SqlCommand cmd = new SqlCommand("tableuser", conn);
    conn.Open();
    SqlParameter param = new SqlParameter();
    cmd.Parameters.AddWithValue("@userName", uname.Text);
    param.Value = uname.Text;
    cmd.Parameters.Add(param);
    SqlDataReader reader = cmd.ExecuteReader();
    if (reader.HasRows)
    {
        Response.Write("Username exists");
    }
    else
    {
        cmd.Parameters.AddWithValue("@userName", uname.Text);
        cmd.CommandType = System.Data.CommandType.StoredProcedure;
        conn.Open();
        cmd.ExecuteNonQuery();
        Response.Write("Successfully saved...!!!");
        conn.Close();
    }
}
}
The error that comes up is: Procedure or function 'tableuser' expects parameter '@userName', which was not supplied.
This should work:
conn.Open();
var cmd = new SqlCommand("tableuser", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@userName", uname.Text);
var rdr = cmd.ExecuteReader();
rdr.Read();
Response.Write(rdr.GetString(0));
conn.Close();

How to check two different webforms having same value of textboxes

aspx
TextBox1.Text
World.aspx
TextBox1.Text
I want the pages Hello.aspx and World.aspx to have the same value for validation.
Please help me if anybody has an idea about this.
You need to save the value on the first page using cookies or database or something else.
Then retrieve the value in the second page and compare the values in the validation function or event.
using (SqlConnection cn = new SqlConnection(connStr))
{
    using (SqlCommand cmd = new SqlCommand())
    {
        cmd.Connection = cn;
        // Pass customer_id as a parameter rather than formatting it into the SQL text
        cmd.CommandText = "select email from customers where customer_id = @customer_id";
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.AddWithValue("@customer_id", customer_id);
        //try and catch block would go here
        cn.Open();
        string email = null;
        using (SqlDataReader rdr = cmd.ExecuteReader())
        {
            // Read() must succeed before a column can be accessed
            if (rdr.Read())
                email = rdr[0].ToString();
        }
    }
}

login page asp.net sql

I have this code and need to complete it..
string conn_str =
    @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\mydb.mdf;
    Integrated Security=True;User Instance=True";
SqlConnection conn = new SqlConnection(conn_str);
SqlCommand cmd = new SqlCommand("SELECT Password FROM Users WHERE UserName=@un", conn);
cmd.Parameters.Add("@un", SqlDbType.NVarChar);
cmd.Parameters["@un"].Value = **???**;
conn.Open();
string pwd = (string)cmd.ExecuteScalar();
conn.Close();
I have some values in sql data:
Tables:
Users
Username
Password
Now in the login page I have textboxNAME and textboxPassword, and if the user types the right login info (that is in the database) it refers him to default.aspx
Try
cmd.Parameters["@un"].Value = textboxName.Text;
and
if (textboxPassword.Text.Equals(pwd))
{
    Response.Redirect("default.aspx");
}
else
{
    //login failed
}
Try This:
string conn_str = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\mydb.mdf; Integrated Security=True;User Instance=True";
string _password = string.Empty;
SqlConnection conn = new SqlConnection(conn_str);
SqlCommand cmd = new SqlCommand("SELECT Password FROM Users WHERE UserName=@un", conn);
cmd.Parameters.Add("@un", SqlDbType.NVarChar, 50).Value = txtusername.Text;
//use add with value to specify which object you want to use
SqlDataAdapter adapt = new SqlDataAdapter(cmd);
//load data to datatable
DataTable dt = new DataTable();
conn.Open();
adapt.Fill(dt);
//close before redirecting, since Response.Redirect ends the request
conn.Close();
//get Password on Datatable
foreach (DataRow a in dt.Rows)
{
    _password = a["Password"].ToString();
}
//Check password
if (_password == string.Empty)
{
    //remain
}
else if (_password == txtpassword.Text)
{
    Response.Redirect("My page");
}
Regards
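
The parameterised query and using pattern from the UPDATE answer earlier on this page, applied to the login check in this thread, as an added example that is not part of any post here. Instead of the plaintext Password column it assumes hypothetical PasswordHash and PasswordSalt varbinary columns on Users (a PBKDF2 hash and a per-user random salt written at registration) and .NET Framework 4.7.2 or later for the SHA-256 overload of Rfc2898DeriveBytes; the LoginCheck class name and the iteration count are also assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck   // hypothetical helper, not from the page
{
    const int Iterations = 100000;   // assumed work factor; tune for your hardware
    const int HashBytes = 32;

    // Derive a PBKDF2-SHA256 hash. Store this and the salt, never the password itself.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Compare every byte without returning early, so timing does not
    // reveal how much of the hash matched.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Returns true only when the user exists and the password matches.
    public static bool IsValidLogin(string connStr, string userName, string password)
    {
        // PasswordHash / PasswordSalt are assumed columns (see lead-in)
        const string sql = "SELECT PasswordHash, PasswordSalt FROM Users WHERE UserName = @un";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@un", SqlDbType.NVarChar, 50).Value = userName;
            conn.Open();
            using (var rdr = cmd.ExecuteReader())
            {
                if (!rdr.Read()) return false;                    // unknown user
                var storedHash = rdr["PasswordHash"] as byte[];   // null when the column is NULL
                var salt = rdr["PasswordSalt"] as byte[];
                if (storedHash == null || salt == null) return false;
                return SameBytes(HashPassword(password, salt), storedHash);
            }
        }
    }
}
```

In the click handler, call LoginCheck.IsValidLogin with the two textbox values and redirect only after it returns, so the connection is already disposed when Response.Redirect ends the request.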
