I am trying to create a login page. I have a database table called Login, and it has two columns: ID and Password. It has the following ID and Password pairs in it: First row:(13282,123456), Second Row:(11111,11111). If username and password is right, i redirect page to succesful.aspx, if either username or password is wrong, i redirect page to unsuccesful.aspx. My problem is, When i enter 13283 as ID and 123456 as password, it does everything right, i am redirected to succesful page. But when i enter ID=11111 and Password=11111 even though everything is true, it redirects to unsuccesful page. I think the problem is, my query only checks the first row. Here is the code:
protected void loginButton_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection();
con.ConnectionString = "Data Source=.\\SQLEXPRESS;Initial Catalog=University;Integrated Security=True;Pooling=False";
Int32 verify;
string query1 = "Select count(*) from Login where ID='" + idBox.Text + "' and Password='" + passwordBox.Text + "' ";
SqlCommand cmd1 = new SqlCommand(query1, con);
con.Open();
verify = Convert.ToInt32(cmd1.ExecuteScalar());
con.Close();
if (verify > 0)
{
Response.Redirect("succesful.aspx");
}
else
{
Response.Redirect("unsuccesful.aspx",true);
}
}
Several things are wrong with this approach:
You should study the answers to this question . The approaches discussed there are not nearly as simple as what you are implementing, but they make your system a lot more bullet-proof.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.