 |  |  |  |  |  |  |  |
login validation
Please support our ASP.NET advertiser: Intel Parallel Studio Home
 |
hi
i am asp.net beginner, i doing login validation using asp.net in c#.here i was create the db in sql server 2005 ,fetch the data from db and compare the text box value.
if condition error will be show..it is using visual studio 2005 ..
given below my code plz correct the error.
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Sql;
using System.Data.SqlClient;
public partial class index : System.Web.UI.Page
{
SqlConnection conjds = new SqlConnection();
SqlCommand cmdjds = new SqlCommand();
SqlDataReader redjds;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
string log1, pass1, cid;
string login1, pass2, client1;
//log1 = username.Text;
//pass1 = pass.Text;
//cid = clientid.Text;
conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;
cmdjds.CommandText = "Select * from login ";
cmdjds.ExecuteNonQuery();
redjds = cmdjds.ExecuteReader();
while (redjds.Read())
{
login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);
}
if (username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1" )
{
Response.Redirect("~/assign.aspx");
}
else
{
Response.Write("wrong");
}
conjds.Close();
}
i am asp.net beginner, i doing login validation using asp.net in c#.here i was create the db in sql server 2005 ,fetch the data from db and compare the text box value.
if condition error will be show..it is using visual studio 2005 ..
given below my code plz correct the error.
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Sql;
using System.Data.SqlClient;
public partial class index : System.Web.UI.Page
{
SqlConnection conjds = new SqlConnection();
SqlCommand cmdjds = new SqlCommand();
SqlDataReader redjds;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
string log1, pass1, cid;
string login1, pass2, client1;
//log1 = username.Text;
//pass1 = pass.Text;
//cid = clientid.Text;
conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;
cmdjds.CommandText = "Select * from login ";
cmdjds.ExecuteNonQuery();
redjds = cmdjds.ExecuteReader();
while (redjds.Read())
{
login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);
}
if (username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1" )
{
Response.Redirect("~/assign.aspx");
}
else
{
Response.Write("wrong");
}
conjds.Close();
}
Hi psathish2,
First of all remove the above quote because it is used when there is no rows are returned, but you are using SELECT statement which returns some number of rows.
Secondly your if condition is totally wrong. Because you collected rows information in to login1 and pass2 then you can directly compare it with any text, no need of Double quote. For ex: -
if(username.Text == login1 && pass.Text == pass2 && clientid.Text == client1)
Instead OF
if(username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1")
OR you can use String1.Equals(String2) function to campare two strings.
So if condtion should be
if(username.Text.Equals(login1) && pass.Text.Equals(pass2) && clientid.Text.Equals(client1))
Hope this will help you. If problem persist feel free to ask again to me.
Thanks & Regards
Dilip Kumar Vishwakarma
Programmer
.Net Consulting
•
•
•
•
cmdjds.ExecuteNonQuery();
•
•
•
•
if (username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1" )
if(username.Text == login1 && pass.Text == pass2 && clientid.Text == client1)
Instead OF
if(username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1")
OR you can use String1.Equals(String2) function to campare two strings.
So if condtion should be
if(username.Text.Equals(login1) && pass.Text.Equals(pass2) && clientid.Text.Equals(client1))
Hope this will help you. If problem persist feel free to ask again to me.
Thanks & Regards
Dilip Kumar Vishwakarma
Programmer
.Net Consulting
•
•
Join Date: Sep 2007
Posts: 1,080
Reputation: 
Solved Threads: 68
Hey, there are many things that are wrong and need updating, so I will lead you through it:
Hope I helped and gave you insight.
conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString(); conjds.Open(); cmdjds.Connection = conjds; //----------- //This below command is wrong because you are selected everything //from the database, including all 60,000 rows if you have that many users. //cmdjds.CommandText = "Select * from login "; //Below line might need changing depending on your column names cmdjds.CommandText = "SELECT userpass, clientid FROM login WHERE username=@username" //Parameters help prevent against SQL injection. I would recommend them. cmdjds.Parameters.AddWithValue( "@username", Trim(username.Text) ) //----------- //----------- //This below command doesn't return any rows. It is only used for //updates, deletes, and inserts. It does return one value, the number //of records it affected. //cmdjds.ExecuteNonQuery(); //The above line actually wasn't needed at all, and did nothing. The //below line (reader) is what does it all. redjds = cmdjds.ExecuteReader(); //----------- //----------- //For using the while read command, it will do whatever is in between //the brackets for as many rows as you return. If you for some reason //return 4 rows, it will set those variables 4 times, overwriting it every time. //A fix for this is to limit the amount of rows returned: //"SELECT TOP 1 userpass, clientid FROM login WHERE..." //That will only select 1 row. while (redjds.Read()) { login1 = redjds.GetString(0); pass2 = redjds.GetString(1); client1 = redjds.GetString(2); } //this line fails in a few aspects. C#, much like javascript, uses one single //equal sign to assign values. You are basically assigning username.Text to //the login username retrieved from the database, same with the rest //accordingly. For c#, you use two equal signs to do a logical test. Also, for //variables that you assign values to (login1, pass2, client1, etc.), you never //put quotes around. client1 = "a database value", "client1" = "client1" //Keep in mind, this below line also doesn't compare case-senitivity. The password //"jerryspringer" will pass validation even though the actual database password is //"JerrySpringer". To compare case-sensitivity, use the string.equal or string.compare //methods. Look them up on microsoft.com (google: site:microsoft.com string.compare) //if (username.Text = "login1" && pass.Text = "pass2" && clientid.Text = "client1" ) if (username.Text == login1 && pass.Text == pass2 && clientid.Text == client1) { Response.Redirect("~/assign.aspx"); } else { Response.Write("wrong"); }
Last edited by SheSaidImaPregy; Feb 14th, 2008 at 11:15 am.
thank you for information again this error should accorded..
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Sql;
using System.Data.SqlClient;
public partial class index : System.Web.UI.Page
{
SqlConnection conjds = new SqlConnection();
SqlCommand cmdjds = new SqlCommand();
SqlDataReader redjds;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
string login1, pass2, client1;
conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;
cmdjds.CommandText = "SELECT username,password,clientid FROM login WHERE username=@username";
//trim is not suport here..
cmdjds.Parameters.AddWithValue("@username",Trim(username.Text));
// cmdjds.ExecuteNonQuery();
//redjds = cmdjds.ExecuteReader();
while (redjds.Read())
{
login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);
}
conjds.Close();
//here use of unassign local variable 'login1','pass2','client1' error is coming
if (username.Text == login1 && pass.Text == pass2 && clientid.Text == client1)
{
Response.Redirect("~/assign.aspx");
}
else
{
Response.Write("wrong");
}
}
}
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.Sql;
using System.Data.SqlClient;
public partial class index : System.Web.UI.Page
{
SqlConnection conjds = new SqlConnection();
SqlCommand cmdjds = new SqlCommand();
SqlDataReader redjds;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
string login1, pass2, client1;
conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;
cmdjds.CommandText = "SELECT username,password,clientid FROM login WHERE username=@username";
//trim is not suport here..
cmdjds.Parameters.AddWithValue("@username",Trim(username.Text));
// cmdjds.ExecuteNonQuery();
//redjds = cmdjds.ExecuteReader();
while (redjds.Read())
{
login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);
}
conjds.Close();
//here use of unassign local variable 'login1','pass2','client1' error is coming
if (username.Text == login1 && pass.Text == pass2 && clientid.Text == client1)
{
Response.Redirect("~/assign.aspx");
}
else
{
Response.Write("wrong");
}
}
}
Last edited by psathish2; Feb 15th, 2008 at 3:51 am.
•
•
Join Date: Sep 2007
Posts: 1,080
Reputation:
Solved Threads: 68
Sorry, I am a VB.NET developer, so I mis did some syntax (Like trim).
Try the new code:
Try the new code:
ASP.NET Syntax (Toggle Plain Text)
•
•
Join Date: Sep 2007
Posts: 1,080
Reputation:
Solved Threads: 68
If that fails at the if statement, replace it with:
ASP.NET Syntax (Toggle Plain Text)
thank you for your coding but not working if condition not working else part to execute...
string login1, pass2, client1;
conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;
cmdjds.CommandText = "SELECT username,password,clientid FROM login WHERE username=@username";
cmdjds.Parameters.AddWithValue("@username",username.Text.Trim());
redjds = cmdjds.ExecuteReader();
while (redjds.Read())
{
login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);
// before i put in close bracket in while loop error showed login1,pass2,client1 unassign variable ...
so i changed put in bracket in last ...
//if (username.Text.Equals(login1) && pass.Text.Equals(pass2) && clientid.Text.Equals(client1))
if (login1 == username.Text.Trim() && pass2 == pass.Text.Trim() && client1 == clientid.Text.Trim())
{
Response.Redirect("~/assign.aspx");
}
else
{
Response.Write("wrong");
}
}
conjds.Close();
}
o/p: wrong only printed......
string login1, pass2, client1;
conjds.ConnectionString = ConfigurationManager.ConnectionStrings["maillog"].ToString();
conjds.Open();
cmdjds.Connection = conjds;
cmdjds.CommandText = "SELECT username,password,clientid FROM login WHERE username=@username";
cmdjds.Parameters.AddWithValue("@username",username.Text.Trim());
redjds = cmdjds.ExecuteReader();
while (redjds.Read())
{
login1 = redjds.GetString(0);
pass2 = redjds.GetString(1);
client1 = redjds.GetString(2);
// before i put in close bracket in while loop error showed login1,pass2,client1 unassign variable ...
so i changed put in bracket in last ...
//if (username.Text.Equals(login1) && pass.Text.Equals(pass2) && clientid.Text.Equals(client1))
if (login1 == username.Text.Trim() && pass2 == pass.Text.Trim() && client1 == clientid.Text.Trim())
{
Response.Redirect("~/assign.aspx");
}
else
{
Response.Write("wrong");
}
}
conjds.Close();
}
o/p: wrong only printed......
|
Similar Threads
- Updated : Simple ASP.Net Login Page (ASP.NET)
- html/php form for .htaccess validation (PHP)
- how to update profile of login member (C#)
- Simple ASP.Net Login Page (Using VB.Net) (ASP.NET)
- Cannot login to Hotmail and Yahoo emails (Viruses, Spyware and other Nasties)
- PHP Query, Make users login before accessing a movie? (PHP)
- Variable Validation & MYSQL (PHP)
Other Threads in the ASP.NET Forum
- Previous Thread: Sorting problem ?
- Next Thread: Insert to DB & View Results on Different Page
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest ASP.NET Posts
- Today's Posts
- Unanswered Threads
.net 2.0 3.5 ajax alltypeofvideos appliances asp asp.net beginner box browser businesslogiclayer button c# cac checkbox class commonfunctions compatible content contenttype control countryselector courier dataaccesslayer database datagrid datagridview datalist deployment development dgv dialog dropdownlist dropdownmenu dynamic dynamically edit embeddingactivexcontrol fileuploader fill findcontrol flash flv gridview gudi iis javascript list listbox login menu microsoft mouse mssql nameisnotdeclared news novell numerical opera order panelmasterpagebuttoncontrols problem radio ratings redirect registration relationaldatabases reportemail schoolproject search security serializesmo.table sessionvariables silverlight smoobjects software sql sql-server sqlserver2005 ssl tracking treeview validatedate validation vb.net videos vista visual-studio visualstudio vs2008 web webapplications webarchitecture webdevelopment webprogramming webservice wizard xsl youareanotmemberofthedebuggerusers
