code the login.aspx

Results 1 to 2 of 2

Thread: code the login.aspx

  1. #1
    Join Date
    Dec 1969

    Default code the login.aspx

    I am trying to authenticate user against my sql database. the connection working ok. I can not compare the txtUsername with the reader.getstring. I am not sure if I am doing right. the code running in login.aspx.vb. <BR>I put the username as user (which match the database name) and click submit, but I get the "wrong!" in my textbox instead the username. <BR><BR>some how the asp .net can not compare the 2 strings. I hope some one have an answer for me :)<BR><BR>Thanks <BR><BR>Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click<BR><BR> Dim strConn As String = ConfigurationSettings.AppSettings("EFT")<BR> Dim ObjConn As New SqlConnection(strConn)<BR> Dim mysql As String = "select * from staff "<BR> Dim objCmd As New SqlCommand(mysql, ObjConn)<BR><BR> Dim test As String<BR> ObjConn.Open()<BR> Dim reader As SqlDataReader = objCmd.ExecuteReader()<BR> reader.Read()<BR> If UCase(txtUserName.Text) = UCase(reader.GetString(1)) Then<BR><BR> txtUserName.Text = reader.GetString(1)<BR> &#039;Response.Redirect("login.aspx?test=" & test)<BR><BR> Else<BR> txtUserName.Text = UCase("wrong!")<BR> &#039; Response.Redirect("login.aspx?test=" & test)<BR><BR><BR><BR> End If<BR><BR> reader.Close()<BR> ObjConn.Close()<BR><BR><BR><BR><BR><BR><BR> End Sub

  2. #2
    Join Date
    Dec 1969

    Default Why don't you do it..

    .. in the SQL statement?<BR><BR>Dim mysql As String = "select * from staff where user = &#039;" & txtUserName.Text.Replace("&#039;", "&#039;&#039;") & "&#039;"<BR><BR>Then, your check is simply:<BR>Dim reader As SqlDataReader = objCmd.ExecuteReader()<BR>If reader.Read() Then<BR> txtUserName.Text = "GOOD"<BR>Else<BR> txtUserName.Text = "You, bad, bad boy. Let daddy spank you."<BR>End If

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts