
Hi All,

I am using Visual Studio 2010, and for my database I'm using SQL.

I am trying to make a multi-user login and validate the input against my data table.

The problem is that I made a login page, but it just checks the username and the password but not the access type.

I don't know how to include the access type in my code...!!

Please help

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button1.Click
    Dim connection As New SqlClient.SqlConnection
    Dim command As New SqlClient.SqlCommand
    Dim adaptor As New SqlClient.SqlDataAdapter
    Dim dataset As New DataSet

    connection.ConnectionString = ("Data Source=.\SQLEXPRESS;AttachDbFilename='C:\Users\sony\Documents\Visual Studio 2010\Projects\SADA\SADA\App_Data\SADA.mdf';Integrated Security=True;Connect Timeout=30;User Instance=True")
    command.CommandText = "SELECT * FROM [User] WHERE (UserName='" + TextBox1.Text + "')AND (PW='" + TextBox2.Text + "');"
    connection.Open()

    command.Connection = connection
    adaptor.SelectCommand = command
    adaptor.Fill(dataset, "0")
    Dim count = dataset.Tables(0).Rows.Count

    If count > 0 Then
        Response.Redirect("Admin.aspx")
    Else
        MsgBox("Error in the input")
    End If

End Sub
Last Post by Maha Sh.

Unless you really want to write up all of the code regarding security (login pages, reset passwords, user management, etc.), you may want to use the built-in login controls. I would recommend that you visit Microsoft's site for help on ASP.NET. They have a section that covers user security: http://www.asp.net/web-forms/overview/security

The only other thing I would recommend is that rather than building the commandText in the manner shown above, which is very common, you should use parameters instead. The code listed above is vulnerable to SQL injection attacks. Think about a case where a malicious user, rather than supplying a user name, inputs a single quote, then adds SQL commands to drop your table, or display information about the first user in your table, which may be an administrator.

You may want to research this some more since it appears you are starting this project.
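
The parameterized form of the login lookup recommended above, extended to return the access type the question asks about. This is an added example, not code posted by anyone in the thread. The `AccessType` column, its values "Admin" and "User", the `User.aspx` page and the NVarChar(50) sizes are assumptions, because the thread does not show the table schema.

```vb
Imports System.Data
Imports System.Data.SqlClient

Public Module LoginLookup

    ' Returns the access type stored for the matching user, or Nothing when
    ' the user name / password pair matches no row.
    ' "AccessType" is an assumed column name (the thread does not show the schema).
    Public Function GetAccessType(ByVal connectionString As String,
                                  ByVal userName As String,
                                  ByVal password As String) As String
        ' The SQL text is a constant: no user input is ever concatenated into it.
        Const sql As String =
            "SELECT AccessType FROM [User] WHERE UserName = @UserName AND PW = @PW"

        Using connection As New SqlConnection(connectionString)
            Using command As New SqlCommand(sql, connection)
                ' Values are sent as typed parameters, so a single quote in the
                ' input is compared as data and cannot alter the statement.
                ' The NVarChar(50) sizes are assumed.
                command.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName
                command.Parameters.Add("@PW", SqlDbType.NVarChar, 50).Value = password

                connection.Open()
                Dim result As Object = command.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return Nothing
                End If
                Return CStr(result)
            End Using ' disposes the command
        End Using ' closes the connection even if an exception is thrown
    End Function

    ' Maps an access type to a landing page through an allow-list, so an
    ' unexpected value in the table never becomes a redirect target.
    ' "Admin", "User" and User.aspx are assumed; Admin.aspx is from the post.
    Public Function PageForAccessType(ByVal accessType As String) As String
        Select Case accessType
            Case "Admin" : Return "Admin.aspx"
            Case "User" : Return "User.aspx"
            Case Else : Return Nothing
        End Select
    End Function

End Module
```

In `Button1_Click`, pass `TextBox1.Text` and `TextBox2.Text` to `GetAccessType`, then call `Response.Redirect` only when `PageForAccessType` returns a page; a `Nothing` result is the failed-login case.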


Thanks ITG-JM for your advice.

I'll check Microsoft's site :)
