string strConnection = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString; string strSelect = "SELECT COUNT(*) FROM Users WHERE Username = @Username AND Password = @Password";
SqlConnection con = new SqlConnection(strConnection);
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandType = CommandType.Text;
cmd.CommandText = strSelect;
SqlParameter username = new SqlParameter("@Username",SqlDbType.VarChar ,50);
username.Value = txtUserName.Text.Trim().ToString();
cmd.Parameters.Add(username);
SqlParameter password = new SqlParameter("@Password", SqlDbType.VarChar, 50);
password.Value = txtPassword.Text.Trim().ToString();
cmd.Parameters.Add(password);
con.Open();
int result = (Int32)cmd.ExecuteScalar();
con.Close();
if (result >= 1)
Response.Redirect("Default.aspx");
else
lblMsg.Text = "Incorrect Username or Password";
No comments:
Post a Comment