Untitled

protected void loginbutton_Click(object sender, EventArgs e)
    {
        string UsernameRegex = "[a-zA-Z]+";
        string PasswordRegex = "[a-zA-Z0-9]+";

        if (!Regex.IsMatch(usernametextbox.Text, UsernameRegex))
        {
            string UsernameCheck = "valid";
        }
        else
        {
            string UsernameCheck = "invalid";
        }

        if (!Regex.IsMatch(passwordtextbox.Text, PasswordRegex))
        {
            string PasswordCheck = "valid";
        }
        else
        {
            string PasswordCheck = "invalid";
        }


        if(UsernameCheck = "valid") //i will include password here after i solved the problem
        {
            //do something
        }
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString);
            conn.Open();
            string checkuser = "select count(*) from Users where Username = @username and Password = @password";

            SqlCommand com = new SqlCommand(checkuser, conn);
            com.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
            com.Parameters.Add("@password", SqlDbType.NVarChar).Value = passwordtextbox.Text;

            int temp = Convert.ToInt32(com.ExecuteScalar().ToString());

            if (temp > 0)
            {
                Response.Redirect("Cars.aspx");
            }
            else
            {
                loginfaillabel.Text = "Your Username or Password doesn't match our records";
            }
        }

protected void loginbutton_Click(object sender, EventArgs e)
{
    string UsernameRegex = "[a-zA-Z]+";
    string PasswordRegex = "[a-zA-Z0-9]+";

    boolean isUsernameValid = Regex.IsMatch(usernametextbox.Text, UsernameRegex)
    boolean isPasswordValid = Regex.IsMatch(passwordtextbox.Text, PasswordRegex);


    if(!isUsernameValid || !isPasswordValid) //i will include password here after i solved the problem
    {
        //do something
    }
    else
    {
        const string checkuser = "SELECT 1 FROM Users WHERE Username = @username and Password = @password";

        using(SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
        using(SqlCommand com = new SqlCommand(checkuser, conn))
        {
            conn.Open();

            com.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
            com.Parameters.Add("@password", SqlDbType.NVarChar).Value = passwordtextbox.Text;

            object temp = com.ExecuteScalar();

            // I do not remember if it is null or System.DbNull.Value that is returned if nothing is returned
            // you will have to test it
            var didUserMatch = temp == null || temp == System.DbNull.Value ? false : true;

            if (didUserMatch)
            {
                Response.Redirect("Cars.aspx");
            }
            else
            {
                loginfaillabel.Text = "Your Username or Password doesn't match our records";
            }
        }
    }
}

bool UsernameCheck = false; // better name for this is isUsernameValie

    if (!Regex.IsMatch(usernametextbox.Text, UsernameRegex))
    {
        UsernameCheck = true;
    }
    else
    {
        UsernameCheck = false;
    }

    bool PasswordCheck = false;// better name for this is isPasswordValid
    if (!Regex.IsMatch(passwordtextbox.Text, PasswordRegex))
    {
         PasswordCheck = true;
    }
    else
    {
        PasswordCheck = false;
    }


    if (UsernameCheck == true) //i will include password here after i solved the problem
    {
        //do something
    }
    SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString);
    conn.Open();
    string checkuser = "select count(*) from Users where Username = @username and Password = @password";

    SqlCommand com = new SqlCommand(checkuser, conn);
    com.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
    com.Parameters.Add("@password", SqlDbType.NVarChar).Value = passwordtextbox.Text;

    int temp = Convert.ToInt32(com.ExecuteScalar().ToString());

    if (temp > 0)
    {
        Response.Redirect("Cars.aspx");
    }
    else
    {
        loginfaillabel.Text = "Your Username or Password doesn't match our records";
    }
}

protected void loginbutton_Click(object sender, EventArgs e)
    {
        string UsernameRegex = "[a-zA-Z]+";
        string PasswordRegex = "[a-zA-Z0-9]+";

        var userName = usernametextbox.Text;
        var password = passwordtextbox.Text;

        if (!Regex.IsMatch(userName, UsernameRegex))
        {
            // do something
            return; // There is no need to go on
        }

        if(!Regex.IsMatch(password, PasswordRegex))
        {
            // do something
            return; // There is no need to go on
        }

        //If we can come here, we can go DB

        // To be dispose when the job is done
        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
        {

            try
            {
                // To be dispose when the job is done
                using (SqlCommand com = new SqlCommand(checkuser, conn))
                {
                    conn.Open();
                    string checkuser = "select count(*) from Users where Username = @username and Password = @password";
                    com.Parameters.Add("@username", SqlDbType.NVarChar).Value = userName;
                    com.Parameters.Add("@password", SqlDbType.NVarChar).Value = password;
                    int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
                    if (temp > 0)
                    {
                        Response.Redirect("Cars.aspx");
                    }
                    else
                    {
                        loginfaillabel.Text = "Your Username or Password doesn't match our records";
                    }
                }
            }
            catch (Exception ex)
            {

                // you can handle error. maybe logs
            }
        }
    }

<p>Username (Alphabetic only, no spaces):<br />
    <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
    <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="TextBox1" Display="Dynamic" ErrorMessage="Username is required"></asp:RequiredFieldValidator>
    <asp:RegularExpressionValidator ID="NameValidator" runat="server" ControlToValidate="TextBox1" Display="Dynamic" ErrorMessage="Invalid - Alaphabetic only" ValidationExpression="[a-zA-Z]+" EnableClientScript="True"></asp:RegularExpressionValidator>
</p>
<p>Password (Alphanumeric only, no spaces):<br />
    <asp:TextBox ID="TextBox2" runat="server"></asp:TextBox>
    <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="TextBox2" Display="Dynamic" ErrorMessage="Password is required"></asp:RequiredFieldValidator>
    <asp:RegularExpressionValidator ID="PwdValidator" runat="server" ControlToValidate="TextBox2" Display="Dynamic" ErrorMessage="Invalid -Alphanumeric Only" ValidationExpression="[w]+" EnableClientScript="True"></asp:RegularExpressionValidator>
</p>
<p>
    <asp:Button ID="Button1" runat="server" OnClick="BtnSubmit" Text="Login" />
</p>

public partial class foo: Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void BtnSubmit(object sender, EventArgs e)
    {
        if (Page.IsValid)
        {
            //Do what you need to do only if IsValid which is the server-side validation check
        }
    }
}