For my sign up page, i want detect user exist so that no repeated username. BUT fail. There is no error in my coding. BUT cannot detect....

HELP. tHAnk you

if (IsPostBack)
            {
                SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionString"].ConnectionString);
                con.Open();
                string cmdStr = "Select count(*) from Reg where Username = '" + txtUsername.Text + "'";

                SqlCommand userExist = new SqlCommand(cmdStr, con);
                int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());

                con.Close();

                if (temp == 1)
                {
                    Label5.Visible=true;

                }

            }

First off, debug your code and see what value is being put into temp. If the user name was in your database twice then temp would be more than 1, if it isn't there at all then temp won't be 1 either.

commented: tq... +0

 Hi hericles, i can't get what you mean... Below is my full coding... thanks

 protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from Reg where EmailAddress = '" + txtEmail.Text + "'";

            SqlCommand userExist = new SqlCommand(cmdStr, con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());

            con.Close();

            if (temp == 1)
            {
                Label5.Visible=true;

            }

        }
    }
    protected void btnSignUp_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionString"].ConnectionString);
        con.Open();
        string insCmd = "Insert into Reg (Username, FullName, EmailAddress, PhoneNumber, Password, State) values (@Username, @FullName, @EmailAddress, @PhoneNumber, @Password, @State)";
        SqlCommand insertUser = new SqlCommand(insCmd, con);
        insertUser.Parameters.AddWithValue("@Username", txtUsername.Text);
        insertUser.Parameters.AddWithValue("@FullName", txtFullname.Text);
        insertUser.Parameters.AddWithValue("@EmailAddress", txtEmail.Text);
        insertUser.Parameters.AddWithValue("@PhoneNumber", txtPhone.Text);
        insertUser.Parameters.AddWithValue("@Password", txtPassword.Text);
        insertUser.Parameters.AddWithValue("@State", DropDownListState.SelectedItem.ToString());


        try
        {
            insertUser.ExecuteNonQuery();
            con.Close();
            Response.Write("<script>alert('Sign Up Successfully')</script>");
            Response.Redirect("Login.aspx");

        }

        catch (Exception)
        {
            Label6.Visible = true;

        }

        finally
        {

        }
    }

What hericles means is that just simply check to see what is being stored in temp. do a response.write or assign the value to a control.

The reason is that according to your code the if..then will only be true if temp equals 1. What about if you had two accounts, then it would be false, but that would not be desireable because you would create a third account. This is a logic problem, not a coding syntax issue.

commented: tq... +0

What will happen when a user type following in the TextBox:

hello' or '1'='1

One must have to avoid the SQL Injection by creating stored procedure or parameterized query.

string cnstr=ConfigurationManager.ConnectionStrings["RegConnectionString"]
                                        .ConnectionString;
bool found=false;
using(SqlConnection con = new SqlConnection(cnstr))
 {
   string cmdStr = "Select username from Reg where Username = @username";
  using(SqlCommand userExist = new SqlCommand(cmdStr, con))
   {
     con.Open();
     object result=userExist.ExecuteScalar();
     if(result!=null)
       found=true;
    }
 }
 if(found)
    //
else
    //
commented: tq... +0