0

I had created a registration page for users to sign up for an account and a database to store all information such as username and password. I had also created a login page for users to log in after registering an account. How do I link the database so that I will know that the particular user had keyed in the correct password?

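    // Requires: using System.Configuration; using System.Data.SqlClient;
    protected void Button1_Click(object sender, EventArgs e)
    {
        string username = TextBox1.Text;
        string password = TextBox2.Text;
        SqlConnection connection = null;
        SqlCommand command = null;
        SqlDataReader dataReader = null;
        try
        {
            string connectionString = ConfigurationManager.ConnectionStrings["TestConnectionString"].ConnectionString;
            connection = new SqlConnection(connectionString);
            connection.Open();
            // Prepare the SQL statement; parameters keep user input out of the SQL text
            string sql = "SELECT * FROM Staff WHERE username = @username AND Password = @password";
            command = new SqlCommand(sql, connection);
            command.Parameters.AddWithValue("@username", username);
            command.Parameters.AddWithValue("@password", password);
            dataReader = command.ExecuteReader();

            // A row is returned only when both username and password match
            while (dataReader.Read())
            {
                username = dataReader.GetString(3);
                Session.Add("username", username);
            }
            dataReader.Close();
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }
        finally
        {
            // Release the connection even when an exception is thrown
            if (connection != null)
            {
                connection.Close();
            }
        }
    }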

I had also come up with this. Can someone tell me if I'm doing the right thing?

Edited by pyTony: fixed formatting

0

Seems quite o.k. You should not store unencrypted plain text passwords for security reasons. And instead of "SELECT *" better "SELECT username,password" for performance reasons.

0

But when I tried running in browser, I had this error message - Incorrect syntax near the keyword 'User'
