
insert data from database to textbox C#

I have 2 textboxes and 2 labels.

label: UserID & ACCType.

textbox: Email & Password.

I want to find data from the textboxes and then insert data from the database into the 2 labels.

So, in other words, I would like to collect the email and password in the textboxes. From this information, I then want to insert the ID and AccountType in the labels. What am I doing wrong?

        protected void Login_Click(object sender, EventArgs e)
    {
        string UID = UserID.Text;
        string AType = AccType.Text;
        string Email = Email.Text;
        string Password = Password.Text;

        SqlConnection con = new SqlConnection();
        con.ConnectionString = "Data Source=sql2016.fse.network;Initial Catalog=db_1518393_fse_rec; User ID=user_db_1518393_fse_rec; Password=P@55word;";

        Int32 verify;
        string query1 = "Select * from Accounts where Email='" + Email.Text + "' and Password='" + Password.Text + "' ";
        SqlCommand cmd1 = new SqlCommand(query1, con);
        con.Open();
        verify = Convert.ToInt32(cmd1.ExecuteScalar());
        con.Close();
        if (verify > 0)
        {
            //successful
            ErrorMessage.Text += "Logging in...";
            //Response.Redirect("succesful.aspx");

            //display User ID & Account Type


            string query2 = "INSERT * from Accounts where Email='" + Email.Text + "' and Password='" + Password.Text + "' + ID + AccountType";
            //string query2 = "Select Email, Password, ID, AccountType from Accounts(Email, Password, ID, AccountType) " + "Values('" + Email + "', '" + Password + "', '" + UID + "', '" + AType + "')";

        }
        else
        {
            //unsuccessful
            //Response.Redirect("unsuccesful.aspx", true);
            ErrorMessage.Text += "Email or Password incorrect! Please try again.";
        }

    }

This is wrong:

    string query2 = "INSERT * from Accounts where Email='" + Email.Text + "' and Password='" + Password.Text + "' + ID + AccountType";

It should be like this:

INSERT INTO table_name (column1, column2, column3, ...)
VALUES (value1, value2, value3, ...);

as shown in W3Schools here

A few things to consider here...

First, as many people noticed (and always will here on SO), NEVER concatenate strings for command text. Instead, use parameters, like this:

string query1 = "Select * from Accounts where Email=@Email and Password=@Password ";

// cmd1 is the SqlCommand built from query1; the textbox values are bound as parameters
cmd1.Parameters.Add("@Email", SqlDbType.VarChar).Value = Email.Text;
cmd1.Parameters.Add("@Password", SqlDbType.VarChar).Value = Password.Text;

Second, you are using ExecuteScalar, which only returns the number of affected rows. Instead, you should read data with DataReader. Something like this:

SqlDataReader reader = cmd1.ExecuteReader();
// HasRows is a bool, so verify is declared as bool here
bool verify = reader.HasRows;

if (verify)
{
    ErrorMessage.Text += "Logging in...";
    reader.Read();

    this.lblUserId.Text = reader["ID"].ToString();
    //read other data into other labels
}

con.Close();

Third, your INSERT syntax is wrong and should be like this:

string query2 = @"
INSERT INTO Accounts 
    (Email, Password, ID, AccountType)
VALUES
    (@Email, @Password, @ID, @AccountType)
";

cmd.Parameters.Add("@Email", SqlDbType.VarChar).Value = Email.Text;
cmd.Parameters.Add("@Password", SqlDbType.VarChar).Value = Password.Text;
cmd.Parameters.Add("@ID", SqlDbType.Int).Value = /* some ID textbox or what ever */;
cmd.Parameters.Add("@AccountType", SqlDbType.Int).Value = /* some value for acc type */;

... and fourth:

Why do you enter account data into the table after the user successfully logged in?

You said you want to update the labels after collecting the email and password from the textboxes, which I guess can be achieved using 'query1', if your Account table contains the fields 'UserId' and 'AccountType'. You should use DataReader instead of ExecuteScalar for verification and for reading data from the db, and update the labels with UserId and AccountType. The following can be a hypothetical answer for you:

SqlDataReader dr = cmd1.ExecuteReader();
if (dr.HasRows)
{
    //if email and password is okay
    while (dr.Read())
    {
        //successful
        ErrorMessage.Text += "Logging in...";
        //Response.Redirect("succesful.aspx");

        //display User ID & Account Type
        UserId.Text = (string)dr["userid"];
        AccType.Text = (string)dr["accounttype"];
    }
}
else
{
    //unsuccessful
    //Response.Redirect("unsuccesful.aspx", true);
    ErrorMessage.Text += "Email or Password incorrect! Please try again.";
}

And finally, I have no idea why you are trying to insert any data into the Account table after logging in. I mean, you should update some field in your table instead of inserting a new row into the table.
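Added example (not code from the question or from any answer above): the lookup the answers describe, written as one helper that binds the email and password as parameters, selects only the two columns the labels need, and disposes the connection, command and reader. The table and column names come from the question; the `AccountInfo` and `AccountLookup` names, the parameter sizes and passing the connection string in as an argument are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical result type: the two values the question wants in its labels.
public sealed class AccountInfo
{
    public string UserId { get; set; }
    public string AccountType { get; set; }
}

public static class AccountLookup
{
    // Returns the matching account, or null when no row matches.
    // Accounts, Email, Password, ID and AccountType are the names used in the question.
    public static AccountInfo Find(string connectionString, string email, string password)
    {
        const string sql =
            "SELECT ID, AccountType FROM Accounts " +
            "WHERE Email = @Email AND Password = @Password";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // User input travels as parameter values, never as part of the SQL text.
            // The length 256 is an assumed column size.
            cmd.Parameters.Add("@Email", SqlDbType.VarChar, 256).Value = email ?? string.Empty;
            cmd.Parameters.Add("@Password", SqlDbType.VarChar, 256).Value = password ?? string.Empty;

            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read())
                    return null; // no such email/password pair

                // Convert.ToString works whether the columns are int or varchar.
                return new AccountInfo
                {
                    UserId = Convert.ToString(reader["ID"]),
                    AccountType = Convert.ToString(reader["AccountType"])
                };
            }
        }
    }
}
```

In `Login_Click`, call `AccountLookup.Find` with `Email.Text` and `Password.Text` and copy the two properties into the `UserID` and `AccType` labels; a `null` result is the "Email or Password incorrect" branch.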
