Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- protected void Button1_Click(object sender, EventArgs e)
- {
- String CS = ConfigurationManager.ConnectionStrings["StegoDatabaseConnectionString1"].ConnectionString;
- using (SqlConnection con = new SqlConnection(CS))
- {
- //SqlCommand cmd = new SqlCommand("select * from userInfo where UserName='" + UserName.Text + "' and Password='" + Password.Text + "'", con);
- SqlCommand cmd = new SqlCommand("select * from userInfo where UserName = @username '" + "' and Password = @password'" + "'", con);
- cmd.Parameters.AddWithValue("@username ", UserName.Text); //SQL injetion Protection
- cmd.Parameters.AddWithValue("@password ", Password.Text); //SQL injection protection
- con.Open();
- SqlDataAdapter sda = new SqlDataAdapter(cmd);
- DataTable dt = new DataTable();
- sda.Fill(dt);
- if (dt.Rows.Count != 0)
- {
- Button1.PostBackUrl = "HomePage.aspx";
- }
- else
- {
- LabelError.Text = "Invalid Username or Password ! ";
- }
- }
- }
Add Comment
Please, Sign In to add comment