With the following code I try to check whether an email is already registered (whether the database has it or not), but it is not working. Kindly help me.
C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class new_add_donor : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            // NOTE: the email is concatenated straight into the SQL text (see the comments below).
            string checkdonor = "select count(*) from mydatabase where email='" + TextBox4.Text + "'";
            using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["mandConnectionString"].ConnectionString))
            using (SqlCommand com = new SqlCommand(checkdonor, conn))
            {
                conn.Open();
                // ExecuteScalar already returns the COUNT(*) value; no ToString() round trip needed.
                int temp = Convert.ToInt32(com.ExecuteScalar());
                if (temp == 1)
                {
                    Response.Write("Your Email ID is already registered. Click on Forgot Password if you do not have your password.");
                }
            }
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            // Every @placeholder in the query must be added below under exactly the same name
            // (the original query declared @dDate but the parameter was added as @ddob).
            string insertQuery = "insert into mydatabase (dob,name,father,gender,bgroup,distt,tehsil,cv,email,password,repassword,no1,no2,av_not,userdate,user_type) values (@ddob ,@dname ,@dfather ,@dgender ,@dbg ,@ddistt ,@dtehsil ,@dcv ,@demail ,@dpass ,@drepass ,@dno1 ,@dno2 ,@dav ,@ddate ,@duser1)";
            using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["mandConnectionString"].ConnectionString))
            using (SqlCommand com = new SqlCommand(insertQuery, conn))
            {
                com.Parameters.AddWithValue("@ddob", TextBox1.Text);
                com.Parameters.AddWithValue("@dname", TextBox2.Text);
                com.Parameters.AddWithValue("@dfather", TextBox3.Text);
                com.Parameters.AddWithValue("@dgender", DropDownList1.Text);
                com.Parameters.AddWithValue("@dbg", DropDownList2.Text);
                com.Parameters.AddWithValue("@ddistt", DropDownList3.Text);
                com.Parameters.AddWithValue("@dtehsil", DropDownList4.Text);
                com.Parameters.AddWithValue("@dcv", DropDownList5.Text);
                com.Parameters.AddWithValue("@demail", TextBox4.Text);
                com.Parameters.AddWithValue("@dpass", TextBox5.Text);
                com.Parameters.AddWithValue("@drepass", TextBox6.Text);
                com.Parameters.AddWithValue("@dno1", TextBox7.Text);
                com.Parameters.AddWithValue("@dno2", TextBox8.Text);
                com.Parameters.AddWithValue("@dav", DropDownList6.Text);
                com.Parameters.AddWithValue("@ddate", TextBox9.Text);
                com.Parameters.AddWithValue("@duser1", TextBox10.Text);

                conn.Open();
                com.ExecuteNonQuery();
            }

            Response.Write("<script>alert('Dairy has been Saved Successfully.');</script>");
        }
        catch (Exception ex)
        {
            Response.Write("Error:" + ex.ToString());
        }
    }
}
Posted; updated 27-Jun-15 2:27am
Comments
[no name] 27-Jun-15 7:38am    
"not working" could any one of 1,034,454,655,323 things. Could you be a bit more specific? And could you maybe format your code so that it's readable. thanks.
[no name] 27-Jun-15 8:07am    
First of all, this is very dangerous:
string checkdonor = "select count(*) from mydatabase where email='"+TextBox4.Text+"'";


Second: if (temp == 1)
If the email is already in there twice (by mistake), then you will add it and add it...

Third:
Think about processing everything in upper or lower case.

What is the value you get for temp while you are debugging your code?
Sergey Alexandrovich Kryukov 27-Jun-15 8:19am    
Good point. I credited your comment in my answer.

The problem you mentioned in the first paragraph of your comment is called "SQL injection". It needs some explanation, so I tried to explain why it's dangerous; please see Solution 1.

—SA
[no name] 27-Jun-15 8:26am    
Thank you.
Mahima Singh 27-Jun-15 9:48am    
Kindly reply with code change example

1 solution

First of all, please see the comment to the question by itislikethis.

Your approach is wrong from the very beginning. The query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is a way more important issue: it opens the doors to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

—SA
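As an added example (not the original poster's code and not part of the answer above), here is the same email check and insert rewritten with parameterized statements, which is what the answer recommends and what the follow-up comment asked for. It keeps the question's connection-string name and its mydatabase table with the email, name and password columns, reduces the insert to those three columns for brevity, and assumes the caller passes an already-hashed password; the lookup is case-insensitive, which also covers the upper/lower-case point raised in the comments.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public static class DonorRegistration
{
    private static string ConnStr =>
        ConfigurationManager.ConnectionStrings["mandConnectionString"].ConnectionString;

    // True when the address is already registered. The value travels as a parameter,
    // so quotes or SQL keywords in it are compared as literal text, never parsed as SQL.
    // LOWER() on both sides makes the check case-insensitive, and EXISTS answers
    // "present or not" even if a duplicate row already slipped in.
    public static bool EmailExists(string email)
    {
        const string sql =
            "SELECT CASE WHEN EXISTS (SELECT 1 FROM mydatabase " +
            "WHERE LOWER(email) = LOWER(@email)) THEN 1 ELSE 0 END";
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email.Trim();
            conn.Open();
            return (int)cmd.ExecuteScalar() == 1;
        }
    }

    // Check and insert in one place, called from Button1_Click rather than Page_Load,
    // and return early so a duplicate is never written. Each @name in the SQL text
    // must be added under exactly the same name: the question's query says @dDate
    // but the code adds @ddob, and SQL Server rejects the whole insert for that.
    public static bool Register(string email, string name, string passwordHash)
    {
        if (EmailExists(email))
            return false;   // caller reports "already registered"
        const string sql =
            "INSERT INTO mydatabase (email, name, password) VALUES (@email, @name, @password)";
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email.Trim().ToLowerInvariant();
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
            // Store a salted hash, not TextBox5.Text as typed; a "repassword" column is unnecessary.
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 200).Value = passwordHash;
            conn.Open();
            return cmd.ExecuteNonQuery() == 1;
        }
    }
}
```

In the click handler, call Register and show the "already registered" message when it returns false; the Page_Load check is then no longer needed.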
Comments
[no name] 27-Jun-15 13:45pm    
a 5 from a noob ;)
Sergey Alexandrovich Kryukov 27-Jun-15 13:48pm    
Thank you very much :-)
—SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)