Click here to Skip to main content
12,398,816 members (58,145 online)
Rate this:
 
Please Sign up or sign in to vote.
See more: SQL-server-2005 C# ASP.NET , +
protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
        cmd.Connection = con;
        con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["loginconnectionstring"].ConnectionString;
        con.Open();
        if (TextBox3.Text != TextBox2.Text)
        {
            Label5.Visible = true;
            Label5.Text = "Password Doesn't Match Please try Again";
        }
            cmd .CommandType=CommandType .StoredProcedure;
            cmd .CommandText="passchange";
            cmd .Parameters .AddWithValue("@uname", TextBox4.Text);
            cmd .Parameters .AddWithValue ("@pass", TextBox2 .Text);
            cmd .ExecuteNonQuery();
            Label7.Visible = true;
            Label7.Text = "Password Updated Successully";
        }
        catch(Exception ex)
        {
            Label6 .Visible =true;
            Label6 .Text = ex .ToString();
        }
        finally 
        {
            con .Close();
        }
    }



ALTER proc [dbo].[passchange] 
(
@uname varchar(50),@upass varchar(50)
)
as
update test3 set pass=@upass where username=@uname
Posted 22-Apr-13 20:53pm
rgboss326
Comments
Tadit Dash 23-Apr-13 2:56am
   
What is the exception ?
Prasad Khandekar 23-Apr-13 2:58am
   
You may want to change your code as

if (TextBox3.Text != TextBox2.Text)
{
Label5.Visible = true;
Label5.Text = "Password Doesn't Match Please try Again";
}
else
{
cmd .CommandType=CommandType.StoredProcedure;
cmd .CommandText="passchange";
cmd .Parameters.AddWithValue("@uname", TextBox4.Text);
cmd .Parameters.AddWithValue ("@pass", TextBox2 .Text);
cmd .ExecuteNonQuery();
Label7.Visible = true;
Label7.Text = "Password Updated Successully";
}
arthamsai 23-Apr-13 2:59am
   
You Entered Again cmd.CommandText="passchange";
This Is Wrong Because Your Are Using Stored Procedure .
SqlCommand cmd = new SqlCommand("DeleteBook", con);
Here DeleteBook is Stored Procedure Name.
Replace
cmd.CommandText="passchange"; to SqlCommand cmd = new SqlCommand("DeleteBook", con);
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

hello,

Your parameter name in procedure and passing in coding are different.


you are passing @upass in procedure and @pass in coding.




Thanks,
Abhimanyu
  Permalink  
Comments
rgboss 23-Apr-13 3:37am
   
thanks abhi

it was my mistake
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 2

Please, don't store passwords in clear text - it is a huge security risk. Have a look here: Password Storage: How to do it.[^]

Plus, it is a good practice to do all your validation at the start of a method, so you don't wate time or resources loading stuff you won't use - except in you case, if the new passwords don't match you report a problem and them overwrite the old password anyway, so the user doesn't have a clue what his password is...

Other than that, check your names: "@upass" is not the same as "@pass"...
  Permalink  
Comments
rgboss 23-Apr-13 3:38am
   
thank you very much
OriginalGriff 23-Apr-13 3:47am
   
You're welcome!
rgboss 23-Apr-13 5:13am
   
There is one more problem in checking username and old password. canu help me???
OriginalGriff 23-Apr-13 5:14am
   
Depends! :laugh:
What's the problem?
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 3

you are using different name for parameter in SP and coding.
  Permalink  
Comments
rgboss 23-Apr-13 3:37am
   
thanks and
sorry...
it was my typing mistake

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Mobile
Web02 | 2.8.160721.1 | Last Updated 23 Apr 2013
Copyright © CodeProject, 1999-2016
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100