Hi guys

I need help in creating login page for my web application.
There are two users who will login to the system: Admin and User

in my database I have UserID, Password and Type

for column Type i have 'Administrator' and 'Users'

This is what i'm doing, but it keep redirect to the User.aspx regardless i.m entering id and password for Administrator or Users..
i don't know how to do it.. anyone can help??

protected void Button1_Click(object sender, EventArgs e)
 {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["UserConnectionString"].ConnectionString);
        con.Open();
        string cmdStr = "Select count(*) from [User] where UserID = '" + TextBox1.Text + "'";
        SqlCommand CheckUser = new SqlCommand(cmdStr, con);
        int temp = Convert.ToInt32(CheckUser.ExecuteScalar().ToString());

        if (temp == 1)
        {

    string cmdStr2 = "select Type from [User] where UserID='"+TextBox1.Text+"' AND Password = '"+TextBox2.Text+"'";
    SqlCommand cmd = new SqlCommand(cmdStr2, con);

    Object TypeUser = cmd.ExecuteScalar();
    con.Close();
    if(TypeUser != null)
    {
    Label1.Visible = false;
    Label1.Text = "";
    if(TypeUser.ToString() == "Administrator")
    Response.Redirect("Admin.aspx");
    else
    Response.Redirect("User.aspx");
    }
    else
    {
    Label1.Visible = true;
    Label1.Text = "Invalid Credentials Entered, Try again";
    }

In line 15 you create an object of type Object to hold the returned value from your sql statement. In Line 21 you call ToString(). Since it is of type Object, the value of ToString() will always be "System.Object". This doesn't match "Administrator" so you get the default User.aspx.

If your SQL statement is returning a string, store it in a String, not an Object.

thanks for your reply..
i changed my code

string TypeUser = cmd.ExecuteScalar().ToString();

but i still get the same result..

Again, ExecuteScalar returns an System.Object. If you call ToString() on it, you'll get "System.Object" as the result. You need to cast the result into a string
String typeUser = (String)cmd.ExecuteScalar();

Edited 4 Years Ago by Momerath

still got the same result
did i miss something..
sorry i'm really bad in coding

Have your run the code using the debugger? Highlight the line if(TypeUser != null) and press the F9 key. This will place a breakpoint on this line. Now press F5. Your code will run until it hits the breakpoint, then it will stop. On the bottom of the IDE you'll see a tab labeled 'locals'. Click on it and look for 'TypeUser' in the list. Expand it and see what the value you are getting. If you don't understand the issue then, come back here and post what you found.

This article has been dead for over six months. Start a new discussion instead.