protected void Page_Load(object sender, EventArgs e) {

1. protected void Page_Load(object sender, EventArgs e)
2. {
3. if (!IsPostBack)
4. {
5. usernameLabel.Text = Session["UserName"] as String;
6. passwordTextBox.Text = Session["Password"] as String;
7.  
8. SqlConnection con = new SqlConnection();
9. con.ConnectionString = "Data Source=itksqlexp8; ; Initial Catalog=mmartza_ConservationSchool;Integrated Security=True;Pooling=False";
10. con.Open();
11.  
12. //SqlCommand cmd = new SqlCommand("Select firstName from users where username='" + usernameLabel.Text + "' and password='" + passwordTextBox.Text + "' ", con);
13.  
14. //SqlDataReader DR1 = cmd.ExecuteReader();
15. //if (DR1.Read())
16. //{
17. // firstNameTextBox.Text = DR1.GetValue(0).ToString();
18. //}
19. SqlCommand cmd = new SqlCommand("Select * from users where username='" + usernameLabel.Text + "' and password='" + passwordTextBox.Text + "' ", con);
20.  
21. SqlDataReader DR1 = cmd.ExecuteReader();
22. if (DR1.Read())
23. {
24. usernameLabel.Text = DR1.GetValue(0).ToString();
25. firstNameTextBox.Text = DR1.GetValue(1).ToString();
26. lastNameTextBox.Text = DR1.GetValue(2).ToString();
27. addressTextBox.Text = DR1.GetSqlValue(3).ToString();
28. passwordTextBox.Text = DR1.GetSqlValue(4).ToString();
29. verifyPasswordTextBox.Text = DR1.GetSqlValue(4).ToString();
30. homePhoneNumberTextBox.Text = DR1.GetValue(5).ToString();
31. cellPhoneNumberTextBox.Text = DR1.GetSqlValue(6).ToString();
32.  
33. }
34.  
35. con.Close();
36. }
37.  
38.  
39. }
40.  
41. protected void updateButton_Click(object sender, EventArgs e)
42.  
43. {
44.  
45.  
46. SqlConnection con = new SqlConnection();
47. con.ConnectionString = "Data Source=itksqlexp8; ; Initial Catalog=mmartza_ConservationSchool;Integrated Security=True;Pooling=False";
48. //con.Open();
49. //SqlCommand cmd = new SqlCommand("Update users set firstName='" + firstNameTextBox.Text + "' where username='" + usernameLabel.Text + "'", con);
50. //cmd.Parameters.AddWithValue("@firstName", firstNameTextBox.Text);
51. //cmd.ExecuteNonQuery();
52. //con.Close();
53. //int rowsAffected = -1;
54.  
55. //string firstName = firstNameTextBox.Text;
56. string username = usernameLabel.Text;
57.  
58. SqlCommand cmd = new SqlCommand("UPDATE users SET firstName = @firstName, lastName = @lastName, address = @address, cellphone = @cellphone, homephone = @homephone WHERE username ='" + username + "' ", con);
59. cmd.Parameters.AddWithValue("@firstName", firstNameTextBox.Text);
60. // cmd.Parameters.AddWithValue("firstName", firstNameTextBox.Text);
61. cmd.Parameters.AddWithValue("@lastName", lastNameTextBox.Text);
62. cmd.Parameters.AddWithValue("@address", addressTextBox.Text);
63. cmd.Parameters.AddWithValue("@cellPhone", cellPhoneNumberTextBox.Text);
64. cmd.Parameters.AddWithValue("@homePhone", homePhoneNumberTextBox.Text);
65. //cmd.Parameters.AddWithValue("username", usernameLabel.Text);
66.  
67. try
68. {
69.  
70. System.Data.SqlClient.SqlDataReader reader;
71.  
72. // open a connection with sqldatabase
73. con.Open();
74.  
75. // execute sql command and store a return values in reade
76. reader = cmd.ExecuteReader();
77. errorLabel.Text = "Account has been updated";
78.  
79.  
80. //rowsAffected = cmd.ExecuteNonQuery();
81. // cmd.Dispose();
82.  
83. }
84. catch (Exception ex)
85. {
86. errorLabel.Text = "Error: " + ex.Message;
87.  
88. con.Close();
89. }
90.  
91. //rowsAffected.Equals(1);
92.  
93.  
94.  
95.  
96.  
97. // Server.Transfer("Homepage.aspx", true);
98. }
99.  
100. }
101. }