I am doing a project (website) in ASP.NET C#. I am using Visual Studio 2005 and SQL Server 2005. What I need to know is: when a student logs in using their username and password, they should have their specific information displayed from the database (like name, dob, class, department, contactno from the SQL) on a different web page. I am able to display the data for only one user. So how can I display different users' data when a different user logs in with his username and password?

I am using two pages: one for login and the other, studentinf, which displays the information of the current user login.

Code for login page:

C#
using System;
using System.Data.SqlClient;

public partial class _Default : System.Web.UI.Page
{
    SqlConnection con;
    SqlCommand cmd;
    SqlDataReader dr;
    SqlDataAdapter da;

    protected void Page_Load(object sender, EventArgs e)
    {
        con = new SqlConnection("Data Source=localhost;Initial Catalog=knm;Integrated Security=SSPI");
        con.Open();
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Query built by concatenating the text box values into the SQL string.
        String qry = " Select * from user_login where username='" + TextBox1.Text + "' and password='" + TextBox2.Text + "'";
        cmd = new SqlCommand(qry, con);
        dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            Label3.Text = "Logged in successfull";
            Response.Redirect("studenthome.aspx");
        }
        else
            Label3.Text = "invalid user";
        dr.Close();
    }
}


Code for studentinf page:

C#
using System;
using System.Data;
using System.Data.SqlClient;

public partial class _Default : System.Web.UI.Page
{
    SqlConnection con;
    SqlCommand cmd;
    SqlDataReader dr;
    SqlDataAdapter da;

    protected void Page_Load(object sender, EventArgs e)
    {
        bool temp = false;
        con = new SqlConnection("Data Source=localhost;Initial Catalog=knm;Integrated Security=SSPI");
        String std = "SELECT* FROM user_login";
        con.Open();
        cmd = new SqlCommand("select * from studentinf ", con);
        da = new SqlDataAdapter("select * from studentinf ", con);
        DataSet ds = new DataSet();
        da.Fill(ds, "studentinf");
        // Always reads the first row of the table, whichever user is logged in.
        TextBox1.Text = ds.Tables["studentinf"].Rows[0]["name"].ToString();
        TextBox2.Text = ds.Tables["studentinf"].Rows[0]["dob"].ToString();
        TextBox3.Text = ds.Tables["studentinf"].Rows[0]["class"].ToString();
        TextBox4.Text = ds.Tables["studentinf"].Rows[0]["department"].ToString();
        TextBox5.Text = ds.Tables["studentinf"].Rows[0]["contact"].ToString();
    }
}

1 solution

First things first: don't do it like that! Particularly with a website, what you are doing is poor security, and very, very dangerous. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead, or I can access your login screen, and bypass your passwords, or destroy your database without even logging in.
C#
string qry="SELECT * FROM user_login WHERE username=@UN AND password=@PW";

cmd=new SqlCommand(qry,con);
cmd.Parameters.AddWithValue("@UN", TextBox1.Text);
cmd.Parameters.AddWithValue("@PW", TextBox2.Text);
dr=cmd.ExecuteReader();
Is the parametrized version.
Secondly, in the real world, never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.
Thirdly, don't use Visual Studio defaults for control names: it makes your code a lot more readable, understandable, reliable, and maintainable if you use sensible names for your controls instead. You may remember today that TextBox1 is the username, but in six weeks' time when you revisit it, it's a lot more obvious if you had called it tbUserName, isn't it?

Now, what you need to do is add a row to your database: an ID row that you can use to uniquely identify a user - even if they change their username. This site (and nearly all others) do, and they even let you know what yours is: if you go to your "home" page it tells you: "Member No. 10628229" and mine would be "Member No. 6122202". This can be an Identity field, so SQL will keep track of it and you don't need to do anything to ensure they are unique.

Now, when your user logs in, read that out, and save it.
The easiest way to do that is:
C#
Session["UserId"] = userId;

Now when you load a page, all you have to do is:
C#
object o = Session["UserId"];
if (o != null)
   {
   int userID = (int) o;
   // Rest of your page load code.
   }
You can then use that userId value to access your SQL database and retrieve all the info you want about the user, and present it to him via your web page.
The Session array will store the userId until the browser closes (or twenty minutes without him doing anything, whichever comes first).
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
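
The login, session and per-user query flow described in the answer, put together as an added example (not part of the original answer or the poster's code). It assumes an `id` identity column on `user_login`, a `user_id` column on `studentinf` that refers to it, a login page named `Default.aspx`, and hypothetical class and control names; the password comparison follows the answer's query as written, so hashed storage would replace that comparison.

```csharp
using System;
using System.Data.SqlClient;

// Assumed (not from the page): user_login.id, studentinf.user_id, class and control names.
static class Db
{
    public const string ConnStr = "Data Source=localhost;Initial Catalog=knm;Integrated Security=SSPI";
}

public partial class Login : System.Web.UI.Page
{
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        using (SqlConnection con = new SqlConnection(Db.ConnStr))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT id FROM user_login WHERE username=@UN AND password=@PW", con))
        {
            cmd.Parameters.AddWithValue("@UN", tbUserName.Text);
            cmd.Parameters.AddWithValue("@PW", tbPassword.Text);
            con.Open();
            object id = cmd.ExecuteScalar();          // null when no row matches
            if (id == null) { lblStatus.Text = "invalid user"; return; }
            Session["UserId"] = Convert.ToInt32(id);  // kept server-side in session state
        }
        Response.Redirect("studenthome.aspx");
    }
}

public partial class StudentHome : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        object o = Session["UserId"];
        if (o == null) { Response.Redirect("Default.aspx"); return; }  // not logged in
        using (SqlConnection con = new SqlConnection(Db.ConnStr))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT name, dob, [class], department, contact FROM studentinf WHERE user_id=@ID", con))
        {
            cmd.Parameters.AddWithValue("@ID", (int)o);
            con.Open();
            SqlDataReader dr = cmd.ExecuteReader();   // closed when con is disposed
            if (!dr.Read()) return;                   // no record for this user
            tbName.Text = dr["name"].ToString();
            tbDob.Text = dr["dob"].ToString();
            tbClass.Text = dr["class"].ToString();
            tbDepartment.Text = dr["department"].ToString();
            tbContact.Text = dr["contact"].ToString();
        }
    }
}
```

Because the student page takes the id only from `Session`, a logged-in user cannot select another student's row by editing a query string or form field.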


