I know this question has been asked dozens of times, but the code I have been looking at has not helped me.

So far I have been able to connect to the string and the database from where I need to check the username, but in my page it is not checking whether the username is correct or not.

Please someone tell me what I am doing wrong and what I need to change to make this work, I have been on this for literally a week and still no success.

Thank you!

protected void Verify_Click(object sender, EventArgs e)
        {
            //connect to sql
            string ConnectString = "Data Source=sql12;Initial Catalog=import_log;Persist Security Info=True;User ID=sa;Password=password1";
            SqlConnection con = new SqlConnection(ConnectString);
            con.Open();

            string sql = "SELECT userID from from user_verification WHERE userID = '" + username;
            SqlCommand cmd = new SqlCommand(sql, con);
            SqlDataReader reader = cmd.ExecuteReader();
            while (reader.Read())
            {
                if (username.Text == "userID")
                {
                    Output.Text = "Correct username";
                }

                con.Close();
            }
        }

Are you sure that the "userID" column holds the user name?

instead of
string sql = "SELECT userID from from user_verification WHERE userID = '" + username;
do
string sql = "SELECT userID from from user_verification WHERE userID = '" + username.text;

instead of

if (username.Text == "userID")
                {
                    Output.Text = "Correct username";
                }

do:

if (username.Text == reader("userID"))
                {
                    Output.Text = "Correct username";
                }

and don't forget to close the reader after the while loop.

Will this same code work for the code-behind in asp.net?

I tried using reader in the if statement and I get an error saying that the reader variable is a variable being used like a method.

Are you sure that the "userID" column holds the user name?

instead of
string sql = "SELECT userID from from user_verification WHERE userID = '" + username;
do
string sql = "SELECT userID from from user_verification WHERE userID = '" + username.text;

instead of

if (username.Text == "userID")
                {
                    Output.Text = "Correct username";
                }

do:

if (username.Text == reader("userID"))
                {
                    Output.Text = "Correct username";
                }

and don't forget to close the reader after the while loop.

This question has already been answered. Start a new discussion instead.