Get username in OnLoggedIn and update user in sql - asp.net

I have a script in my site.master page that updates an SQL, it works fine as shown below, but instead of updating the Test I want to update the user who just logged in.
How do I select the current user?
I've found the following, but do not know if it's right, and where it should be added:
System.Web.HttpContext.Current.User.Identity.Name
I use Forms Authentication.
<script runat="server">
void OnLoggedIn(object sender, EventArgs e)
{
//connect to the db
SqlConnection conn = new SqlConnection(WebConfigurationManager.
ConnectionStrings["herning_brand_dk_dbConnectionString"].ConnectionString);
//the command to increment the value in the LoginCounter column by 1
SqlCommand cmd = new SqlCommand("UPDATE aspnet_Users SET
LoginCounter = LoginCounter+1 WHERE UserName = 'Test'", conn);
cmd.CommandType = CommandType.Text;
//update where UserName is Test
cmd.Parameters.AddWithValue("UserName", "Test");
using (conn)
{
//open the connection
conn.Open();
//send the query to increment the number
cmd.ExecuteNonQuery();
}
Label1.Text = System.Web.HttpContext.Current.User.Identity.Name;
}
</script>
EDIT
This works: (more or less)
SqlConnection conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["herning_brand_dk_dbConnectionString"].ConnectionString);
SqlCommand cmd = new SqlCommand("UPDATE aspnet_Users SET LoginCounter = LoginCounter+1 WHERE UserName = #UserName", conn);
cmd.CommandType = CommandType.Text;
//update where UserName is x
cmd.Parameters.AddWithValue("UserName", Login1.UserName);
using (conn)
{
//open the connection
conn.Open();
//send the query to increment the number
cmd.ExecuteNonQuery();
}
It works with a fresh new Login control named "Login1".
But it does not work with the login control I have converted to template, even when I call it "Login1".
<asp:LoginView ID="LoginView1" runat="server">
<LoggedInTemplate>
<b>Velkommen: </b>
<asp:LoginName ID="LoginName1" runat="server" Font-Bold="True" Font-Size="Medium" /> <br />
<asp:LoginStatus ID="LoginStatus1" runat="server" LogoutText="Log ud" Font-Size="Small" LogoutPageUrl="~/Default.aspx" />
</LoggedInTemplate>
<AnonymousTemplate>
<asp:Login ID="Login1" OnLoggedIn="OnLoggedIn" runat="server">
<LayoutTemplate>
<table border="0" cellpadding="1" cellspacing="0" style="border-collapse:collapse;">
<tr>
.....
.....
Any suggestions why?

From the code snippet i would say that you use Login control for the forms authentication. As explained in this example on msdn you can get the username directly from the Login control itself.
Then, your code would look like this:
SqlCommand cmd = new SqlCommand("UPDATE aspnet_Users SET
LoginCounter = LoginCounter+1 WHERE UserName = #UserName", conn);
cmd.CommandType = CommandType.Text;
//update where UserName is Test
cmd.Parameters.AddWithValue("UserName", Login1.UserName);
where Login1 is the ID of your Login control. I'm not sure if you can use
System.Web.HttpContext.Current.User.Identity.Name
at this point because the authentication just occured on the PostBack and the Context is already initialized. I think you can use the User.Identity after the authentication Request is finished.

If you are using the Login control, what you want is this:
MembershipUser user = Membership.GetUser();
string username = user.UserName;

Related

Binary file doesn't get loaded in Radgrid

I'm loading data in a telerik:RadGrid, but I have one column that is not loading, which includes files (binary data).
As you can see in the image, instead of loading DB content, this column just loads System.Byte:
enter image description here
My current bound code is standard
<telerik:GridBoundColumn DataField="FileContent"
FilterControlAltText="Filter por conteudo de ficheiro"
HeaderText="Ficheiro">`
Any ideas on how to load the intended content?
I don't have the telrick gird. But we can display each row, and for each row say have a button on it. When you click on that button, it can downloads that bytes() column from the browser to the client computer.
So, say we have this:
<div style="width:40%">
<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False"
DataKeyNames="ID" CssClass="table" >
<Columns>
<asp:BoundField DataField="FileName" HeaderText="FileName" />
<asp:BoundField DataField="MineType" HeaderText="MineType" />
<asp:BoundField DataField="Description" HeaderText="Description" />
<asp:TemplateField HeaderText="View">
<ItemTemplate>
<asp:ImageButton ID="cmdExcel" runat="server" Height="48px" Width="48px"
ImageUrl="~/Content/excel.png"
OnClick="cmdExcel_Click" />
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
Our database has a column called FileB (byes of the excel file).
So, we can load up the grid, but NOT include the Excel file. But, we did place a button in the grid as per above.
So, code to fill the grid can look like this:
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
LoadGrid();
}
void LoadGrid()
{
using (SqlConnection conn = new SqlConnection(Properties.Settings.Default.TEST4))
{
string strSQL = "SELECT ID, FileName, MineType, Description FROM tblFiles";
using (SqlCommand cmdSQL = new SqlCommand(strSQL, conn))
{
conn.Open();
GridView1.DataSource = cmdSQL.ExecuteReader();
GridView1.DataBind();
}
}
}
DataTable MyRst(string strSQL)
{
DataTable rst = new DataTable();
using (SqlConnection conn = new SqlConnection(Properties.Settings.Default.TEST4))
{
using (SqlCommand cmdSQL = new SqlCommand(strSQL, conn))
{
conn.Open();
rst.Load(cmdSQL.ExecuteReader());
}
}
return rst;
}
And now we have this:
Note in a above how we not only saved the file name, but ALSO saved the "mine" type. .net 4.5 (or later) has a built in function called GetMineType - you can pass it a file name, and it will produce the correct mine type.
So, in above, when you click on the "image button", then we have this code to fetch the bytes from the database, and send it to the client:
protected void cmdExcel_Click(object sender, ImageClickEventArgs e)
{
ImageButton btn = (ImageButton)sender;
GridViewRow gRow = (GridViewRow)btn.Parent.Parent;
int PKID = (int)GridView1.DataKeys[gRow.RowIndex]["ID"];
// get data from table
DataRow rstData = MyRst("SELECT FileB, FileName, MineType from tblFiles where ID = " + PKID).Rows[0];
Byte[] binFile = (Byte[])rstData["FileB"];
Response.Clear();
Response.ClearContent();
Response.ClearHeaders();
Response.ContentType = rstData["MineType"].ToString();
Response.AddHeader("Content-Disposition", "inline; filename=" + rstData["FileName"]);
Response.BinaryWrite(binFile);
Response.End();
}
As noted, most grids, be they gridview, list view or that telerick grid should work similar. So you don't include the bytes() data in the grid, but allow a button click, and stream down (send) the byte file to the client.

Why can't I see ajax slide show images when I run?

I'd like to have an ajax slideshow on my web site. I get image urls from a database.
I think the code is right,but when I debug it my database photos are not shown.
I'm sure that my photos load completely.
<ajax:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
</ajax:ToolkitScriptManager>
<div align="center">
<asp:Image ID="imgslides" runat="server" Height="400px"
ImageUrl="Gallery images/72007_205.jpg" BorderColor="Black"
BorderStyle="Solid" BorderWidth="5 px" />
<asp:Button ID="btnPrevious" runat="server" Text="Prev" />
<asp:Button ID="btnPlay" runat="server" Text="Play" />
<asp:Button ID="btnNext" runat="server" Text="Next" />
<ajax:SlideShowExtender ID="SlideShowExtender1"
runat="server" AutoPlay="true" Loop="true"
NextButtonID="btnNext"
PreviousButtonID="btnPrevious"
PlayButtonID="btnPlay"
PlayButtonText="Play"
StopButtonText="Stop"
TargetControlID="imgslides"
SlideShowServiceMethod="GetSlides"
SlideShowServicePath = "Slideshow.asmx">
</ajax:SlideShowExtender>
and this is my web service code Slideshow.asmx
public AjaxControlToolkit.Slide[] GetSlides()
{
SqlConnection myconn = new SqlConnection();
myconn.ConnectionString = "Data Source=PARISA-PC;Initial Catalog=Images;Integrated Security=True";
myconn.Open();
string selectCmd = "select * from images";
string countCmd = "select count(*) from images";
SqlCommand myCmd = new SqlCommand(selectCmd,myconn);
SqlCommand myCmd2 = new SqlCommand(countCmd,myconn);
int i = 0;
SqlDataReader dr = myCmd.ExecuteReader();
ArrayList ar = new ArrayList();
try
{
while (dr.Read())
{
ar.Add(dr.GetString(2));
}
}
catch (Exception)
{
throw;
}
myconn.Close();
AjaxControlToolkit.Slide[] Photos = new AjaxControlToolkit.Slide[ar.Count];
for(i=0 ; i< ar.Count ; i++){
Photos[i] = new AjaxControlToolkit.Slide(ar[i].ToString(),"image"+i.ToString(),"Booth's images");
}
return Photos;
}
[1]: http://i.stack.imgur.com/eMw4S.jpg
You have to use http handler or an aspx page (which showing images from database). Then you can send the Query String to that handler or aspx for a particular image from ajax slide web service. You can get enough examples in google about it.

SQL Server entry using URL querystring

I am getting a URL from PIC 32 controller using it's post function.
which is like, www.example.com/Default.aspx?x=12&y=23
What I want to do is that when I get the URL, I want to store the values of x and y into SQL Server.
I have launched a .aspx using the IIS server on my system. The coding of the aspx page is..
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
<title>Sample Configuration Page</title>
<style type="text/css">
.style1
{
width: 100%;
}
</style>
</head>
<body>
<form id="form1" runat="server">
<div>
<table class="style1">
<tr>
<td>IP Address:</td>
<td>
<asp:TextBox ID="TxtName" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>MAC Address:</td>
<td>
<asp:TextBox ID="TxtUserName" runat="server"></asp:TextBox>
</td>
</tr>
</table>
</div>
<asp:Button ID="Button1" runat="server" Text="Save"
onclick="Button1_Click" />
</form>
</body>
</html>
Please guide me with this.
The data will be stored in the database with following C# code,
SqlConnection conn = new SqlConnection(GetConnectionString());
string sql = "INSERT INTO tblRegistration1 (IP, MAC) VALUES "
+ " (#IP_Address,#MAC_Address)";
try
{
conn.Open();
SqlCommand cmd = new SqlCommand(sql, conn);
SqlParameter[] param = new SqlParameter[6];
//param[0] = new SqlParameter("#id", SqlDbType.Int, 20);
param[0] = new SqlParameter("#IP_Address", SqlDbType.VarChar, 50);
param[1] = new SqlParameter("#MAC_Address", SqlDbType.VarChar, 50);
param[0].Value = IP_Address;
param[1].Value = MAC_Address;
for (int i = 0; i < param.Length; i++)
{
cmd.Parameters.Add(param[i]);
}
cmd.CommandType = CommandType.Text;
cmd.ExecuteNonQuery();
}
catch (System.Data.SqlClient.SqlException ex)
{
string msg = "Insert Error:";
msg += ex.Message;
throw new Exception(msg);
}
finally
{
conn.Close();
}
public string GetConnectionString()
{
//sets the connection string from your web config file "ConnString" is the name of your Connection String
return System.Configuration.ConfigurationManager.ConnectionStrings["MyConsString"].ConnectionString;
}
Everything is fine while using it with the computer browser.
But the post coming from the PIC32 is not executing. I dont know how do i proceed with the URL coming back to my IIS server which contains IP and MAC details.
In my application I m having these data from PIC32 plat from as well computers.
I hope I have made my self clear.
To get a variable form URL use
Request.QueryString["variable"];
So you can use SqlDataSource to establish SQL Connection or SqlConnection
SqlDataSource
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString='<%$ ConnectionStrings:Conn %>'InsertCommand="INSERT INTO [TableName] ([x], [y]) VALUES (#x, #y)" >
<InsertParameters>
<asp:QueryStringParameter Name="x" Type="Int16"></asp:Parameter>
<asp:QueryStringParameter Name="y" Type="Int16"></asp:Parameter>
</InsertParameters>
</asp:SqlDataSource>
SqlConnection
public void insertData()
{
using (SqlConnection con = new SqlConnection(conString))
{
con.Open();
try
{
using (SqlCommand cmd = new SqlCommand("INSERT INTO TableName(x, y) VALUES(#x, #y)", con))
{
cmd.Parameters.Add(new SqlParameter("x", Request.QueryString["x"]));
cmd.Parameters.Add(new SqlParameter("y", Request.QueryString["y"]));
cmd.ExecuteNonQuery();
}
}
catch (Exception Ex)
{
Console.WriteLine("Unable To Save Data. Error - " + Ex.Message);
}
}
}

.ExecuteNonQuery() sql asp.net error

This is my first time working with sql and asp.net. I am working on a few examples to ensure I have all the basics I need. I was walking though a tutorial and where everything should be working just fine, I am getting an .ExecuteNonQuery() Error. SqlException was unhandled by user code // Incorrect syntax near the keyword 'Table'.
If you have any pointers, let me know. I worked the tutorial twice, I'm sure I'm doing something wrong here. -Thanks
.CS Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
namespace WebSite
{
public partial class _default : System.Web.UI.Page
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
protected void Page_Load(object sender, EventArgs e)
{
con.Open();
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlCommand cmd = new SqlCommand("insert into Table values('" + txtfName.Text + "','" + txtlName.Text + "','" + txtpNumber.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
Label1.Visible = true;
Label1.Text = "Your DATA has been submitted";
txtpNumber.Text = "";
txtlName.Text = "";
txtfName.Text = "";
}
}
}
.aspx File:
<form id="form1" runat="server">
<div class="auto-style1">
<strong>Insert data into Database<br />
<br />
</strong>
</div>
<table align="center" class="auto-style2">
<tr>
<td class="auto-style3">First Name:</td>
<td class="auto-style4">
<asp:TextBox ID="txtfName" runat="server" Width="250px"></asp:TextBox>
</td>
</tr>
<tr>
<td class="auto-style3">Last Name:</td>
<td class="auto-style4">
<asp:TextBox ID="txtlName" runat="server" Width="250px"></asp:TextBox>
</td>
</tr>
<tr>
<td class="auto-style3">Phone Number:</td>
<td class="auto-style4">
<asp:TextBox ID="txtpNumber" runat="server" Width="250px"></asp:TextBox>
</td>
</tr>
<tr>
<td class="auto-style3"> </td>
<td class="auto-style4">
<asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Submit" Width="150px" />
</td>
</tr>
</table>
<br />
<br />
<asp:Label ID="Label1" runat="server" ForeColor="#663300" style="text-align: center" Visible="False"></asp:Label>
<br />
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT * FROM [Table]"></asp:SqlDataSource>
</form>
SQL Database:
CREATE TABLE [dbo].[Table] (
[Id] INT IDENTITY (1, 1) NOT NULL,
[fName] VARCHAR (50) NOT NULL,
[lName] VARCHAR (50) NOT NULL,
[pNumber] VARCHAR (50) NOT NULL,
PRIMARY KEY CLUSTERED ([Id] ASC)
);
Usually this error message is caused by a single quote present in your input textboxes or by the use of a reserved keyword. Both problems are present in your query. The TABLE word is a reserved keyword for SQL Server and thus you should encapsulate it with square brackets, while for the possible presence of a single quote in the input text the correct approach is to use Parameterized Query like this
SqlCommand cmd = new SqlCommand("insert into [Table] values(#fnam, #lnam, #pNum)", con);
cmd.Parameters.AddWithValue("#fnam", txtfName.Text );
cmd.Parameters.AddWithValue("#lnam", txtlName.Text );
cmd.Parameters.AddWithValue("#pNum", txtpNumber.Text);
cmd.ExecuteNonQuery();
With this approach you shift the work to parse your input text to the framework code and you avoid problems with parsing text and Sql Injection
Also, I suggest to NOT USE a global variable to keep the SqlConnection reference. It is an expensive resource and, if you forget to close and dispose it, you could have a significant impact on the performance and the stability of your application.
For this kind of situations the using statement is all you really need
using(SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings
["ConnectionString"].ConnectionString));
{
con.Open();
SqlCommand cmd = new SqlCommand("insert into [Table] values(#fnam, #lnam, #pNum)", con);
cmd.Parameters.AddWithValue("#fnam", txtfName.Text );
cmd.Parameters.AddWithValue("#lnam", txtlName.Text );
cmd.Parameters.AddWithValue("#pNum", txtpNumber.Text);
cmd.ExecuteNonQuery();
}
Of course remove the global variable and the open in the Page_Load
Your query is trying to insert into a table called Table. Does that really exist? If not then put the actual table name into the query. If your table really is called Table then I strongly recommend you change it to something less confusing.
Also, stop writing commands by concatenating text now. Learn how to use parameters in order to prevent SQL injection
EDIT
An insert statement uses the format specified in the BOL documents for INSERT, and the examples provided therein. Table is a keyword, so don't use it as a table name. If you have to use a keyword, you need to escape it using square brackets. See BOL: Delimited Identifiers
I still say, don't use "Table" as the name for a table. Make your life easier.
Oh, and write secure code (see the above comment re SQL injection, and how Linked In got hit, and how much it cost them)
Changed 'insert into Table values' to 'insert into [Table] values' and all works fine. Thanks Note to self, stay away from simple names.
SqlConnection conn = new SqlConnection("Data Source=MCTX-ZAFEER\\SQLEXPRESS;Initial Catalog=ZKAbid_Db;Persist Security Info=True;User ID=sa;Password=sa#1234");
public int checkLogin(Ad_login ad)
{
SqlCommand cmd = new SqlCommand("Sp_Login", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("#Admin_id", ad.Ad_id);
cmd.Parameters.AddWithValue("#Password", ad.Ad_Password);
// cmd.InsertCommand.Connection = connection1;
SqlParameter objLogin = new SqlParameter();
objLogin.ParameterName = "#isValid";
objLogin.SqlDbType = SqlDbType.Bit;
objLogin.Direction = ParameterDirection.Output;
cmd.Parameters.Add(objLogin);
conn.Open();
cmd.ExecuteNonQuery();
int res = Convert.ToInt32(objLogin.Value);
conn.Close();
return res;
}
Wherever you are using ExecuteNonQuery() you should catch SqlException or you need to throws from your function.
In the case given above Button1_Click is the function using ExecuteNonQuery() from SqlCommand class.
Now what happens that this function ( ExecuteNonQuery ) has definition to throws SqlException. so you have two option
- you can also throws SqlException
- or you can put this line in try catch block to handle the Exception.

'Image1' is not declared. It may not be accessible due to it's permission level error

I have a comments box which has a template field which looks something like this..
<asp:GridView ID="GridView2" runat="server" AutoGenerateColumns="False" DataSourceID="CommentsDataSource" Height="167px" Width="325px">
<Columns>
<asp:TemplateField HeaderText="Comments">
<ItemTemplate>
<div style="background-color:Silver">
<div class="avatar-frame">
<asp:Image ID="ProfilePic" runat="server"/>
</div>
<h1><%# Eval("TagLine")%></h1>
<h2><%# Eval("IfNonMemberUserName")%></h2>
<p><%# Eval("CommentBody")%></p>
</div>
</ItemTemplate>
<AlternatingItemTemplate>
<div style="background-color:White">
<div class="avatar-frame">
</div>
<h1><%# Eval("TagLine")%></h1>
<h2><%# Eval("IfNonMemberUserName")%></h2>
<p><%# Eval("CommentBody")%></p>
</div>
</AlternatingItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
<asp:SqlDataSource ID="CommentsDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:BookMeetConnString %>" ProviderName="<%$ ConnectionStrings:BookMeetConnString.ProviderName %>" SelectCommand="SELECT [IfNonMemberUserName], [UserAvatar], [TagLine], [CommentBody] FROM [comments] WHERE ([BookID] = ?)">
<SelectParameters>
<asp:QueryStringParameter Name="?" QueryStringField="ID" />
</SelectParameters>
</asp:SqlDataSource>
Some background:
I have an MS Access database with a table called 'userprofiles' which has a field called AvatarURL. Similiarly there is also a table called 'comments' which has lookupfield called 'UserAvatar' inside of it referring to the 'userprofiles' table's 'AvatarURL' field.
I am receiving the "'ProfilePic' is not declared. It may not be accessible due to it's permission level" error in my code behind. Intellisense is telling me that the image that has the ID 'ProfilePic' is not declared (within the DisplayData sub routine.
The problematic bit of code is:
Protected Sub DisplayData()
Dim conn As OleDbConnection = New OleDbConnection(ConfigurationManager.ConnectionStrings("BookMeetConnString").ConnectionString)
Dim sql = "SELECT * FROM userprofiles WHERE TravellerName=#f1"
Dim cmd = New OleDbCommand(sql, conn)
cmd.Parameters.AddWithValue("#f1", User.Identity.Name)
conn.Open()
Dim profileDr = cmd.ExecuteReader()
profileDr.Read()
If Not IsDBNull(profileDr("AvatarURL")) Then ProfilePic.ImageUrl = profileDr.Item("AvatarURL")
conn.Close()
End Sub
At runtime, detail.aspx works fine, but the avatars in the comment box don't show up at all. What am I doing wrong?
EDIT:
I have managed to get this far:
Protected Sub GridView2_RowDataBound(sender As Object, e As GridViewRowEventArgs)
Dim conn As OleDbConnection = New OleDbConnection(ConfigurationManager.ConnectionStrings("BookMeetConnString").ConnectionString)
Dim sql = "SELECT * FROM userprofiles WHERE TravellerName=#f1"
Dim cmd = New OleDbCommand(sql, conn)
cmd.Parameters.AddWithValue("#f1", User.Identity.Name)
conn.Open()
Dim profileDr = cmd.ExecuteReader()
profileDr.Read()
Dim ProfilePic
If e.Row.RowType = DataControlRowType.DataRow Then
ProfilePic = e.Row.FindControl("ProfilePic")
If Not IsDBNull(profileDr("AvatarURL")) Then ProfilePic.ImageUrl = profileDr.Item("AvatarURL")
End If
conn.Close()
End Sub
However, the images still do not appear at runtime. What is wrong with this? Should I be using the datareader?
The only way to refer to get at ProfilePic is to set it at DataBind time. You'll need to wire up the GridView2_RowDataBound event by adding OnRowDataBound="GridView2_RowDataBound" to your asp:GridView tag.
You'll then get the RowDataBound event for each row (even header and footer rows, so you need to test for what type of row is currently firing the event. You can then use FindControl on the current row item to look for the current row's ProfilePic. You'll have to cast the output of that function into an Image.
protected void GridView2_RowDataBound(object sender, GridViewRowEventArgs e)
{
if (e.Row.RowType == DataControlRowType.DataRow)
{
Image ProfilePic = (Image)e.Row.FindControl("ProfilePic");
ProfilePic.ImageUrl = "stuff";
}
}
As a control within a template, you can only access the control when binding, in particular in the OnRowDataBound event handler (for a GridView).
In this event handler you need to call FindControl with the ID of the wanted control and cast it to the right type (only if you need to access specific members of that type).
Try this
public string DisplayData()
Dim conn As OleDbConnection = New OleDbConnection(ConfigurationManager.ConnectionStrings("BookMeetConnString").ConnectionString)
Dim sql = "SELECT * FROM userprofiles WHERE TravellerName=#f1"
Dim cmd = New OleDbCommand(sql, conn)
cmd.Parameters.AddWithValue("#f1", User.Identity.Name)
conn.Open()
Dim profileDr = cmd.ExecuteReader()
profileDr.Read()
string imagename= profileDr("AvatarURL")
conn.Close()
return imagename
End Sub
and client side change for
<asp:Image ID="ProfilePic" **ImageUrl='<%# DisplayData()%>'** runat="server" />

Resources