Member Avatar for fairy1992224

I had created a registration page for users to sign up an account and a database to store all information such as username and password. I had also created a login page for users to login after registering an account. How do I link the database so that I will know that the particular user had keyed the correct password.

 protected void Button1_Click(object sender, EventArgs e)
        {

            string username = TextBox1.Text;
            string password = TextBox2.Text;
            SqlConnection connection = null;
            SqlCommand command = null;
            SqlDataReader dataReader = null;
            try
            {
                string connectionString = ConfigurationManager.ConnectionStrings["TestConnectionString"].ConnectionString;
                connection = new SqlConnection(connectionString);
                connection.Open();
                //prepare sql statements
                string sql = "SELECT * from Staff where username='" + username + "'And Password='" + password + "'";
                command = new SqlCommand(sql, connection);
                dataReader = command.ExecuteReader();

                while (dataReader.Read())
                {

                    username = dataReader.GetString(3);
                    Session.Add("username", username);

                }
                dataReader.Close();
            }
            catch (Exception ex)
            {
                Response.Write(ex.Message);
            }

I had also come up with this. Can someone tell me if I'm doing the right thing?

Edited by TrustyTony because: fixed formating
  • 2 Contributors
  • 2 Replies
  • 249 Views
  • 21 Hours Discussion Span
  • Latest Post Latest Post by fairy1992224

Recommended Answers

All 2 Replies

Member Avatar for smantscheff

Seems quite o.k. You should not store unencrypted plain text passwords for security reasons. And instead of "SELECT *" better "SELECT username,password" for performance reasons.

Member Avatar for fairy1992224

But when I tried running in browser, I had this error message - Incorrect syntax near the keyword 'User'

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.