Nick1988

C# validation against text box entry for Login

Hi, I am currently trying to authenticate my users against a database. I have tried myself, and after pressing the submit page nothing happens. I have run the SQL query against my database and it returns the required information for my code. Anyone got any idea why it isn't working?

Working query (provides the answer 1):
SELECT COUNT(*) FROM Students WHERE (StudentEmail = 'ssmith@gmail.com') AND (StudentPassword = 'cccc') 



C# code
    protected void lbtn_1_Click(object sender, ImageClickEventArgs e)
    {
        SqlConnection connection = null;
        try
        {
            // Connection to the database to check entry values against database
            string conn = ConfigurationManager.ConnectionStrings["MyString"].ConnectionString;
            connection = new SqlConnection(conn);

            connection.Open();
            SqlCommand studentpasscount = new SqlCommand ("SELECT COUNT(*) FROM Students WHERE (StudentEmail = '" +txtlogin.Text+ "') AND (StudentPassword = '" +txtpassword.Text+ "')");
            string Accounts = null;


            if (Accounts == "1")
            {
                Response.Redirect("StudentHomePage.aspx");
                
            }

            else if (Accounts == "0")
            {
                connection.Open();
                SqlCommand lecpasscount = new SqlCommand("SELECT COUNT(*) FROM Lecturers WHERE (LecturerEmail='" + txtlogin.Text + "') AND (LecturerPassword='" + txtpassword.Text + "')");
            }
            if (Accounts == "1")
            {
                Response.Redirect("LecturerHomePage.aspx");

            }

            else if (Accounts == "0")
            {
                connection.Open();
                SqlCommand adminpasscount = new SqlCommand("SELECT COUNT(*) FROM Administrators WHERE (AdminEmail='" + txtlogin.Text + "') AND (AdminPassword='" + txtpassword.Text + "')");
            }
            if (Accounts == "1")
            {
                Response.Redirect("AdminHomePage.aspx");

            }

            else if (Accounts == "0")
            {
                Response.Redirect("LoginError.aspx");
            }


         }
       
        finally
        {

            connection.Close();
        }

    }



txtlogin and txtpassword are the IDs of two textboxes I have on the page, and the submit button is called lbtn_1.


EDIT: Forgot to add that I need it to cycle through the three tables, checking against all of them before finally sending the user to the error page. The query at the top I used just as an example of finding a match in the student table. Hope that's clear.

Thanks for the help!
Nick
s_chilkury

I guess your string Accounts = null; needs to be set somewhere in the code when the query fetches records from the DB.

This Accounts is being checked everywhere in the code.

Also, for security reasons, if you do nothing else you should really have your queries in a stored procedure. Your login process at the moment could be really easy to hack.
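
An added example, not code from the original posts: one way to run the three-table check so that the count is actually read back with ExecuteScalar and the textbox values travel as bound parameters instead of being concatenated into the SQL text. It uses parameterized commands rather than the stored procedure suggested above and keeps the question's schema as posted; the class name LoginLookup, the method ResolveLandingPage and the NVarChar lengths are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper (name assumed); table, column and page names are from the question.
public static class LoginLookup
{
    // Fixed list of the three tables. Identifiers cannot be bound as parameters,
    // so they come only from this array, never from user input.
    private static readonly string[][] Roles =
    {
        new[] { "Students", "StudentEmail", "StudentPassword", "StudentHomePage.aspx" },
        new[] { "Lecturers", "LecturerEmail", "LecturerPassword", "LecturerHomePage.aspx" },
        new[] { "Administrators", "AdminEmail", "AdminPassword", "AdminHomePage.aspx" },
    };

    // Returns the landing page for the first table holding a matching row,
    // or LoginError.aspx when none of the three tables matches.
    public static string ResolveLandingPage(string connectionString, string email, string password)
    {
        using (var connection = new SqlConnection(connectionString))
        {
            connection.Open(); // opened once; the posted code re-opened it per table
            foreach (var role in Roles)
            {
                string sql = "SELECT COUNT(*) FROM " + role[0] +
                             " WHERE " + role[1] + " = @email AND " + role[2] + " = @password";
                // Passing the connection ties the command to it (missing in the posted code).
                using (var command = new SqlCommand(sql, connection))
                {
                    // User input is sent as typed parameters, not as SQL text.
                    // Lengths are assumed; match them to the real column definitions.
                    command.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
                    command.Parameters.Add("@password", SqlDbType.NVarChar, 256).Value = password;

                    // ExecuteScalar runs the query; COUNT(*) comes back as an int.
                    int matches = Convert.ToInt32(command.ExecuteScalar());
                    if (matches > 0)
                        return role[3];
                }
            }
        }
        return "LoginError.aspx";
    }
}

// In the code-behind handler (control names from the question):
//   string cs = ConfigurationManager.ConnectionStrings["MyString"].ConnectionString;
//   Response.Redirect(LoginLookup.ResolveLandingPage(cs, txtlogin.Text, txtpassword.Text));
```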
ASKER CERTIFIED SOLUTION
Nick1988

Nick1988

ASKER

Worked it out.