protected void btnSubmit_Click(object sender, EventArgs e) { String queryread = @"Select * from Login where UserName = '" + tbUserName.Text.ToLower() + "' and Password='"+ tbPassword.Text.ToLower() +"'"; SqlConnection con = new SqlConnection(); SqlDataReader read; con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["BartConnectionString"].ConnectionString; SqlCommand readdata = new SqlCommand(queryread, con); try { con.Open(); read = readdata.ExecuteReader(); Boolean flag = false; while (read.Read()) { String UserName = read["UserName"].ToString().ToLower(); String password = read["Password"].ToString(); if (tbUserName.Text.ToLower() == UserName) { if (tbPassword.Text.Trim() == password) { Session["UserID"] = UserName.ToString(); flag = true; } } } if (flag) { Response.Redirect("~/Supervisor/Form.aspx",false); } else { Response.Redirect("~/Error.aspx",false); } } catch (Exception ex2) { Response.Write("Error"); } finally { if (con.State == System.Data.ConnectionState.Open) con.Close(); } }
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)