protected void Btnlogin_Click(object sender, EventArgs e) { //when y

1. protected void Btnlogin_Click(object sender, EventArgs e)
2. {
3. //when you noticed..I split dbprovider and dbsource,
4. //actually you can combined them without having
5. //concatenation.
6. string dbProvider = "PROVIDER = Microsoft.Jet.OLEDB.4.0;";
7. string dbSource = "Data Source = C:\\account.mdb";
8.  
9.  
10. OleDbConnection con = new OleDbConnection(dbProvider + dbSource);
11.  
12. string sql = "SELECT * FROM tblaccount WHERE Username = '" + txtusername.Text +
13. "' AND Password = '" + txtpassword.Text +
14. "' AND UserLevel = '" + DropDownList1.Text + "'";
15.  
16. OleDbCommand cmd = new OleDbCommand(sql, con);
17. con.Open();
18.  
19. OleDbDataReader sdr = cmd.ExecuteReader();
20.  
21. string userlevel; //variable declaration for the user
22.  
23. userlevel = DropDownList1.SelectedItem.Text.ToString();
24.  
25.  
26. if (sdr.HasRows == true) //determine if the data has rows
27. {
28. switch (userlevel)//reads the username if it is equal to the given username
29. {
30. case "User"://if sprint username was input, Loginforsprint.asp web form
31. Response.Redirect("~/Loginforuser.aspx");
32. break;
33. case "Admin":
34. Response.Redirect("~/Loginforadmin.aspx");
35. break;
36. }
37.  
38. }
39. else
40. {
41. lblerror.Text = "Invalid data!!";
42.  
43. }
44.  
45.  
46. }