First of all, never store passwords as plain text; store only a salted hash produced by a dedicated password-hashing function and compare hashes at login. Have a look at
Password Storage: How to do it.
About the question itself, instead of counting the records, select the actual data. In other words something like
string query = "select user_type from user_privilege where user_id=@username and password=@password";
You can then use the
SqlCommand.ExecuteReader Method (System.Data.SqlClient)
to run the query and inspect the data returned.
ADDITION
As a small example of using a reader, consider the following. Note that this doesn't fix the password problem: the query still compares the submitted password with the stored value directly.
...
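con.Open();
// Parameterized query: the user-supplied values are bound as parameters and are
// never concatenated into the SQL text.
// NOTE(review): comparing @password inside the query only works if the column holds
// the password itself. This sample does not fix that; the stored value should be a
// salted password hash that is verified in code after the row is fetched by user_id.
string query = "select user_type from user_privilege where user_id=@username and password=@password";
string userName = userNameBox.Text.Trim();
string userType = null; // stays null when no row matches the supplied credentials
using (SqlCommand cmd = new SqlCommand(query, con)) {
    cmd.Parameters.AddWithValue("@username", userName);
    // Trim() is kept from the original sample; it silently drops leading and
    // trailing whitespace from the password the user typed.
    cmd.Parameters.AddWithValue("@password", passwordBox.Text.Trim());
    // Read the single value we need, then release the reader before redirecting.
    using (SqlDataReader reader = cmd.ExecuteReader()) {
        if (reader.Read()) {
            // A NULL user_type becomes "" so it is rejected below rather than
            // falling through to the admin branch.
            userType = reader.IsDBNull(0) ? "" : reader[0].ToString();
        }
    }
}

if (userType == null) {
    // No row: unknown user or wrong password.
    messageBox.Text = "User not found";
    Response.Redirect("test.aspx");
} else if (userType.Length == 0) {
    // Row exists but carries no role: deny instead of granting access by default.
    messageBox.Text = "Failed";
} else if (userType == "Staff") {
    messageBox.Text = "Staff";
    Response.Redirect("test.aspx");
} else {
    // NOTE(review): every role other than "Staff" is treated as an administrator here.
    // Compare against the exact administrator role value stored in user_privilege and
    // reject anything else, so a new or misspelled role does not gain admin access.
    // The session stores the same trimmed name that was used for the lookup.
    Session["admin"] = userName;
    // Set before the redirect; statements placed after Response.Redirect are
    // presumably never reached because the response ends there.
    messageBox.Text = "Ad";
    Response.Redirect("AdminDashboard.aspx");
}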
...