Sessions and sqlsyntax, how to add a session to a login authenticate methodusi

1. Sessions and sqlsyntax, how to add a session to a login authenticate method
2. using System;
3. using System.Data;
4. using System.Collections.Generic;
5. using System.Linq;
6. using System.Web;
7. using System.Web.UI;
8. using System.Web.UI.WebControls;
9. using System.Data.Odbc;
10. using System.Data.SqlClient;
11.  
12. public partial class Default2 : System.Web.UI.Page
13. {
14. protected void Page_Load(object sender, EventArgs e)
15. {
16. Login1.Authenticate += Login1_Authenticate;
17. }
18. protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
19. {
20. //database connection string
21. OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite; User=x; Password=x; OPTION=3;");
22. cn.Open();
23. OdbcCommand cmd = new OdbcCommand("Select * from User where username=? and password=?", cn);
24.  
25. //Select the username and password from mysql database in login table
26.  
27. cmd.Parameters.Add("@username", OdbcType.VarChar);
28. cmd.Parameters["@username"].Value = this.Login1.UserName;
29.  
30. cmd.Parameters.Add("@password", OdbcType.VarChar);
31. cmd.Parameters["@password"].Value = this.Login1.Password;
32. //use asp login control to check username and password
33.  
34. Session["UserID"] = "usrName";
35. //set the UserID from the User Table unsure how to add this to the sql syntax above
36.  
37. OdbcDataReader dr = default(OdbcDataReader);
38. // Initialise a reader to read the rows from the login table.
39. // If row exists, the login is successful
40.  
41. dr = cmd.ExecuteReader();
42. if (dr.Read())
43. {
44. e.Authenticated = true;
45. Response.Redirect("UserProfileWall.aspx");
46. // Event Authenticate is true forward to user profile
47. }
48.  
49. }
50.  
51. }
52.  
53. using System;
54. using System.Collections.Generic;
55. using System.Linq;
56. using System.Web;
57. using System.Web.UI;
58. using System.Web.UI.WebControls;
59. using System.Data.Odbc;
60.  
61. public partial class UserProfile : System.Web.UI.MasterPage
62. {
63. protected void Page_Load(object sender, EventArgs e)
64. {
65. string usrName = Convert.ToString(Session["UserID"]);
66. Label1.Text = Convert.ToString(usrName);
67. //test to see if session on login page is passing
68.  
69. OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite; User=x; Password=x;");
70. cn.Open();
71.  
72. OdbcCommand cmd = new OdbcCommand("SELECT User.FirstName, User.SecondName, User.Aboutme, User.DOB, Pictures.picturepath FROM User LEFT JOIN Pictures ON User.UserID = Pictures.UserID WHERE User.UserID=1", cn);
73. OdbcDataReader reader = cmd.ExecuteReader();
74. while (reader.Read())
75. {
76. Name.Text = String.Format("{0} {1}", reader.GetString(0), reader.GetString(1));
77. Aboutme.Text = String.Format("{0}", reader.GetString(2));
78. Age.Text = String.Format("{0}", reader.GetString(3));
79. Image1.ImageUrl = String.Format("{0}", reader.GetString(4));
80. }
81.  
82.  
83. }
84. }
85.  
86. OdbcCommand cmd = new OdbcCommand("Select UserId from User where username=? and password=?", cn);
87.  
88. dr = cmd.ExecuteReader();
89. if (dr.Read())
90. {
91. Session["UserID"] = dr["UserId"];
92. e.Authenticated = true;
93. Response.Redirect("UserProfileWall.aspx");
94. // Event Authenticate is true forward to user profile
95. }
96.  
97. OdbcDataReader dr = default(OdbcDataReader); // assigns null to dr
98. dr = cmd.ExecuteReader(); // reference to a new reader instance is assigned to dr
99.  
100. OdbcDataReader dr = cmd.ExecuteReader(); // reference to a new reader instance is assigned to dr