regarding datareader

Posted by Webmaster under ASP.NET on 9/6/2008 | Views : 2178 | Status : [Administrator] | Replies : 5
hai, i have a problem below this
protected void Button1_Click(object sender, EventArgs e)
{
int a = 0;
SqlConnection con = new SqlConnection("initial catalog=rajitha;data source=sys01;user id=sa");
con.Open();
// SqlDataReader dr =null;
SqlCommand cmd=new SqlCommand();
cmd.CommandType = System.Data.CommandType.Text;
cmd.Connection = con;
cmd.CommandText ="select Emailid,password from tb_registration where Emailid='"+TextBox1.Text+"' and password='"+TextBox2.Text+"'";
SqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
Server.Transfer("Default2.aspx");
}
else
{

Console.WriteLine("you have entered incorrect username,password");
a = a + 1;
}
if (a > 3)
{
Server.Transfer("Default5.aspx");
}

// Server.Transfer("Default2.aspx");
con.Close();
}
this code is for displaying captcha image but i didn't get captcha image when i entered incorrect uname,password.captcha image in default.aspx page and also
i didn't get any error message when i entered incorrect data in textbox comparing with database table.is there any wrong in coding .give reply with relevant information which may help to correct my problem.

Best regards,
Webmaster
http://www.dotnetfunda.com



Responses

Posted by: Webmaster on: 9/6/2008 [Administrator] HonoraryPlatinum

Up
0
Down
hi Your Code is a little bit messy. You open your Connection in Wrong places. The logic you are using for login Screen is a bit cumbasome. Why dont you do the Following Write a StoredProcedure that returns a Count of Records returned where Username = @Username and Password = Password , and the SP returns > 0, then you can Show your page else , Disaply the Message Invalid Login. Next time you must Open your connection when you are about to execute a command not anywhere.

Hope it helps

______________________________
Posted on behalf of Vuyiswamb

Best regards,
Webmaster
http://www.dotnetfunda.com

Webmaster, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Webmaster on: 9/6/2008 [Administrator] HonoraryPlatinum

Up
0
Down
Instead of using ExecuteReader() use ExecuteScalar() and check for null value. like

object obj = cmd.ExecuteScalar() if (obj != null) { Server.Transfer("Default2.aspx"); } Else { //Whatver }



To avoid Sql Injection, use Parameterized statement.

_________________________________
Posted on behalf of Poster

Best regards,
Webmaster
http://www.dotnetfunda.com

Webmaster, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Webmaster on: 9/6/2008 [Administrator] HonoraryPlatinum

Up
0
Down
the code which you have used for the connections was not that much clear.To be clear you can use sp and authentication cookies for validating the user crediantials.


Thanx

_________________________
Posted on behalf of Majith



Best regards,
Webmaster
http://www.dotnetfunda.com

Webmaster, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Webmaster on: 9/6/2008 [Administrator] HonoraryPlatinum

Up
0
Down
use the following code



using System;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Mail;

partial class testmail
{ private void cmdSend_Click(object sender, System.EventArgs e)
{
MailMessage msg = new MailMessage(); msg.Subject = "Dotnetfunda"; msg.Body = "questions by: " + txtname.Text + "\n"; msg.Body += txtinfo.Text; msg.From = txtsender.Text; msg.To = "urname@urmailser.com"; if (chkPriority.Checked) msg.Priority = MailPriority.High; SmtpMail.SmtpServer = "localhost"; SmtpMail.Send(msg); Result.Text="mail sent successfully .";

}
}



______________________________
Posted on behalf of Majith

Best regards,
Webmaster
http://www.dotnetfunda.com

Webmaster, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Webmaster on: 9/6/2008 [Administrator] HonoraryPlatinum

Up
0
Down
To ad Majith's answer, Just in case you will be looking for forms authentication or how to authenticate users, you can visit http://dotnetfunda.com/articles/article114.aspx. Thanks

____________________________
Posted on behalf of Poster

Best regards,
Webmaster
http://www.dotnetfunda.com

Webmaster, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response