hi to all this is my script for login means somebody wants to acess the private folder first it say to login then it redirect o requested page

but ther is error when i submit the button please help me i take more than 26 hours but i am unable to debug this


following is the error

An expression of non-boolean type specified in a context where a condition is expected, near 'AND'.

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="login.aspx.cs" Inherits="login_login" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Data" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    <br />
    username<br />
   
    <asp:TextBox ID="usernametextbox" runat="server"></asp:TextBox>
 
     
    <br /><p>
    password<br />
    <asp:TextBox ID="passwordtextbox" runat="server" TextMode="Password">Password</asp:TextBox>
    
     
    </p>
        <p>
            <asp:Label ID="Label" runat="server" ></asp:Label>
     
    </p>
    <asp:Button ID="submit" Text="submit" runat="server" onclick="submit_Click" />
    </div>
    </form>
</body>
</html>
using System; 
using System.Configuration; 
using System.Data; 
using System.Linq; 
using System.Web; 
using System.Web.Security; 
using System.Web.UI; 
using System.Web.UI.HtmlControls; 
using System.Web.UI.WebControls; 
using System.Web.UI.WebControls.WebParts; 
using System.Xml.Linq; 
using System.Data.SqlClient;

public partial class login_login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void submit_Click(object sender, EventArgs e)
    {

       
        
        SqlDataReader reader;
        SqlConnection conn = new SqlConnection(
"Server=localhost\\Sql2005;Database=ram;" +
"Integrated Security=True");

        string cmdstring = "SELECT [password] FROM [users] WHERE" + "(([username=@username]) + ([password=@password]))";
        SqlCommand cmd;
        cmd = new SqlCommand(cmdstring, conn);
        cmd.Parameters.Add("@username",SqlDbType.VarChar, 50);
        cmd.Parameters["@username"].Value = usernametextbox.Text;
        cmd.Parameters.Add("@password", SqlDbType.VarChar, 50);
        cmd.Parameters["@password"].Value = passwordtextbox.Text;

        conn.Open();
        reader = cmd.ExecuteReader();

        if (reader.Read())
        {
            FormsAuthentication.RedirectFromLoginPage(usernametextbox.Text, false);
        }
        else
        {
            Response.Write("invalid credentials");
        }
        reader.Close();
             

    
         }


}

Hi,

You can do the following modification in the query as,

string cmdstring = "SELECT [password] FROM [users] WHERE" + " [username]=@username and [password]=@password";

I have tried with this change and it works.

Thank you.

Hi,

You can do the following modification in the query as,

string cmdstring = "SELECT [password] FROM [users] WHERE" + " [username]=@username and [password]=@password";

I have tried with this change and it works.

Thank you.

thanks it is solved now,bro you are amazing

You are really amazing!!

commented: Unnecessary post with unrelated comment... +0

Thank you Nandux....for code

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.