I had created a registration page for users to sign up an account and a database to store all information such as username and password. I had also created a login page for users to login after registering an account. How do I link the database so that I will know that the particular user had keyed the correct password.
protected void Button1_Click(object sender, EventArgs e)
{
string username = TextBox1.Text;
string password = TextBox2.Text;
SqlConnection connection = null;
SqlCommand command = null;
SqlDataReader dataReader = null;
try
{
string connectionString = ConfigurationManager.ConnectionStrings["TestConnectionString"].ConnectionString;
connection = new SqlConnection(connectionString);
connection.Open();
//prepare sql statements
string sql = "SELECT * from Staff where username='" + username + "'And Password='" + password + "'";
command = new SqlCommand(sql, connection);
dataReader = command.ExecuteReader();
while (dataReader.Read())
{
username = dataReader.GetString(3);
Session.Add("username", username);
}
dataReader.Close();
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
I had also come up with this. Can someone tell me if I'm doing the right thing?