I had created a registration page for users to sign up an account and a database to store all information such as username and password. I had also created a login page for users to login after registering an account. How do I link the database so that I will know that the particular user had keyed the correct password.

 protected void Button1_Click(object sender, EventArgs e)

            string username = TextBox1.Text;
            string password = TextBox2.Text;
            SqlConnection connection = null;
            SqlCommand command = null;
            SqlDataReader dataReader = null;
                string connectionString = ConfigurationManager.ConnectionStrings["TestConnectionString"].ConnectionString;
                connection = new SqlConnection(connectionString);
                //prepare sql statements
                string sql = "SELECT * from Staff where username='" + username + "'And Password='" + password + "'";
                command = new SqlCommand(sql, connection);
                dataReader = command.ExecuteReader();

                while (dataReader.Read())

                    username = dataReader.GetString(3);
                    Session.Add("username", username);

            catch (Exception ex)

I had also come up with this. Can someone tell me if I'm doing the right thing?

Recommended Answers

All 2 Replies

Seems quite o.k. You should not store unencrypted plain text passwords for security reasons. And instead of "SELECT *" better "SELECT username,password" for performance reasons.

But when I tried running in browser, I had this error message - Incorrect syntax near the keyword 'User'

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.