protected void Button1_Click(object sender, EventArgs e){ con.Open(); S

1. protected void Button1_Click(object sender, EventArgs e)
2. {
3. con.Open();
4. SqlCommand cmd = con.CreateCommand();
5. cmd.CommandType = CommandType.Text;
6. cmd.CommandText = "select * from registration where email='"+ TextBox1.Text+"' and password='"+TextBox2.Text+"'";
7. cmd.ExecuteNonQuery();
8. DataTable dt = new DataTable();
9. SqlDataAdapter da = new SqlDataAdapter(cmd);
10. da.Fill(dt);
11. tot = Convert.ToInt32(dt.Rows.Count.ToString());
12.  
13. if (tot > 0)
14. {
15. if (Session["checkoutbutton"] == "yes")
16. {
17. Session["user"] = TextBox1.Text;
18. Response.Redirect("update_order_details.aspx");
19. }
20. else
21. {
22. Session["user"] = TextBox1.Text;
23. Response.Redirect("order_details.aspx");
24. }
25.  
26. }
27. else
28. {
29. Label1.Text = "Invalid email or password";
30. }
31. con.Close();
32.  
33. con.Open();
34. SqlCommand cmd1 = con.CreateCommand();
35. cmd1.CommandType = CommandType.Text;
36. cmd1.CommandText = "select * from admin_login where username='" + TextBox1.Text + "' and password='" + TextBox2.Text + "' ";
37. cmd1.ExecuteNonQuery();
38. DataTable dt1 = new DataTable();
39. SqlDataAdapter da1 = new SqlDataAdapter(cmd);
40. da1.Fill(dt);
41. i = Convert.ToInt32(dt.Rows.Count.ToString());
42. if (i == 1)
43. {
44. Session["admin"] = TextBox1.Text;
45. Response.Redirect("add_product.aspx");
46. }
47. else
48. {
49. Label1.Text = "you have entered invalid username or password";
50. }
51. con.Close();
52. }