
For my sign up page, I want to detect whether the user exists so that there are no repeated usernames. BUT it fails. There is no error in my code. BUT it cannot detect....

HELP. Thank you

if (IsPostBack)
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionString"].ConnectionString);
    con.Open();
    // the query text is built by concatenating the text box value into the SQL
    string cmdStr = "Select count(*) from Reg where Username = '" + txtUsername.Text + "'";

    SqlCommand userExist = new SqlCommand(cmdStr, con);
    int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());

    con.Close();

    // the label is shown only when exactly one row matched
    if (temp == 1)
    {
        Label5.Visible = true;
    }
}
4 Contributors, 4 Replies, 5 Views, 5 Years Discussion Span, Last Post by __avd

First off, debug your code and see what value is being put into temp. If the user name was in your database twice then temp would be more than 1, if it isn't there at all then temp won't be 1 either.

Hi hericles, I can't get what you mean... Below is my full code... thanks

protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionString"].ConnectionString);
        con.Open();
        // note: this check compares the e-mail address, not the username
        string cmdStr = "Select count(*) from Reg where EmailAddress = '" + txtEmail.Text + "'";

        SqlCommand userExist = new SqlCommand(cmdStr, con);
        int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());

        con.Close();

        // the label is shown only when exactly one row matched
        if (temp == 1)
        {
            Label5.Visible = true;
        }
    }
}

protected void btnSignUp_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionString"].ConnectionString);
    con.Open();
    // the insert already uses parameters for every value
    string insCmd = "Insert into Reg (Username, FullName, EmailAddress, PhoneNumber, Password, State) values (@Username, @FullName, @EmailAddress, @PhoneNumber, @Password, @State)";
    SqlCommand insertUser = new SqlCommand(insCmd, con);
    insertUser.Parameters.AddWithValue("@Username", txtUsername.Text);
    insertUser.Parameters.AddWithValue("@FullName", txtFullname.Text);
    insertUser.Parameters.AddWithValue("@EmailAddress", txtEmail.Text);
    insertUser.Parameters.AddWithValue("@PhoneNumber", txtPhone.Text);
    insertUser.Parameters.AddWithValue("@Password", txtPassword.Text);
    insertUser.Parameters.AddWithValue("@State", DropDownListState.SelectedItem.ToString());

    try
    {
        insertUser.ExecuteNonQuery();
        Response.Write("<script>alert('Sign Up Successfully')</script>");
        Response.Redirect("Login.aspx");
    }
    catch (Exception)
    {
        // any failure of the insert shows the error label
        Label6.Visible = true;
    }
    finally
    {
        // closes the connection whether or not the insert succeeded
        con.Close();
    }
}

What hericles means is to simply check what is being stored in temp. Do a Response.Write or assign the value to a control.

The reason is that according to your code the if..then will only be true if temp equals 1. What if you had two accounts? Then it would be false, but that would not be desirable because you would create a third account. This is a logic problem, not a coding syntax issue.


What will happen when a user types the following in the TextBox:

hello' or '1'='1

One must avoid SQL injection by creating a stored procedure or using a parameterized query.

string cnstr = ConfigurationManager.ConnectionStrings["RegConnectionString"].ConnectionString;
bool found = false;
using (SqlConnection con = new SqlConnection(cnstr))
{
    string cmdStr = "Select username from Reg where Username = @username";
    using (SqlCommand userExist = new SqlCommand(cmdStr, con))
    {
        // the text box value is bound to @username instead of being pasted into the SQL
        userExist.Parameters.AddWithValue("@username", txtUsername.Text);
        con.Open();
        object result = userExist.ExecuteScalar();   // null when no row matched
        if (result != null)
            found = true;
    }
}
if (found)
{
    // username already taken
}
else
{
    // username available
}
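Putting the two points of this thread together (the logic problem with `temp == 1` raised in the earlier replies, and the injection risk of the concatenated query raised here), the following is an added example and not code from any post above. It assumes the same Reg table and "RegConnectionString" setting the thread uses; the class and method names (Registration, UsernameExists, TryRegister), the column sizes, and a UNIQUE constraint on Reg.Username are assumptions made for this example.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

// Added example, not the thread's own code. Reg table and
// "RegConnectionString" come from the thread; everything else is assumed.
public static class Registration
{
    private static string ConnectionString =>
        ConfigurationManager.ConnectionStrings["RegConnectionString"].ConnectionString;

    // True when at least one row in Reg carries exactly this username.
    // The value is sent as a parameter, so input such as  hello' or '1'='1
    // is compared as a literal string and cannot change the query.
    // COUNT(*) > 0 instead of == 1 also reports "taken" correctly if the
    // name somehow ended up in the table more than once.
    public static bool UsernameExists(string username)
    {
        const string sql = "SELECT COUNT(*) FROM Reg WHERE Username = @Username";
        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // explicit type and size (assumed nvarchar(50)) keep the cached plan stable
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = username;
            con.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // Inserts the account. The pre-check above can still race with a second
    // sign-up for the same name, so a UNIQUE constraint on Username (assumed
    // to exist) is the real guard: SQL Server raises error 2627 (unique
    // constraint) or 2601 (unique index) and we report "taken" for those.
    public static bool TryRegister(string username, string fullName, string email,
                                   string phone, string password, string state)
    {
        const string sql =
            "INSERT INTO Reg (Username, FullName, EmailAddress, PhoneNumber, Password, State) " +
            "VALUES (@Username, @FullName, @EmailAddress, @PhoneNumber, @Password, @State)";
        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = username;
            cmd.Parameters.Add("@FullName", SqlDbType.NVarChar, 100).Value = fullName;
            cmd.Parameters.Add("@EmailAddress", SqlDbType.NVarChar, 256).Value = email;
            cmd.Parameters.Add("@PhoneNumber", SqlDbType.NVarChar, 32).Value = phone;
            cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 100).Value = password;
            cmd.Parameters.Add("@State", SqlDbType.NVarChar, 50).Value = state;
            con.Open();
            try
            {
                cmd.ExecuteNonQuery();
                return true;
            }
            catch (SqlException ex)
            {
                if (ex.Number == 2627 || ex.Number == 2601)
                    return false;   // duplicate username: someone registered it first
                throw;              // anything else is a real error
            }
        }
    }
}

// Code-behind for the sign-up page. The txtUsername, txtFullname, txtEmail,
// txtPhone, txtPassword, DropDownListState and Label5 controls are the ones
// named in the thread and are declared in the .aspx markup.
public partial class SignUp : Page
{
    protected void btnSignUp_Click(object sender, EventArgs e)
    {
        // the duplicate check belongs in the button handler, not in Page_Load,
        // so it runs on the submitted value right before the insert
        if (Registration.UsernameExists(txtUsername.Text))
        {
            Label5.Visible = true;      // "username already taken"
            return;
        }

        bool created = Registration.TryRegister(
            txtUsername.Text, txtFullname.Text, txtEmail.Text,
            txtPhone.Text, txtPassword.Text,
            DropDownListState.SelectedItem.ToString());

        if (created)
            Response.Redirect("Login.aspx");
        else
            Label5.Visible = true;      // lost the race: name was taken meanwhile
    }
}
```

The check-then-insert pair still has a window between the two statements, which is why the example leans on the database constraint rather than on the pre-check alone; the pre-check only gives the user a friendlier message in the common case.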