A few quick things:
First thing.
You're storing your passwords in plain text? Never do that.
Second thing.
Use parameters for your query. Look up SQL Injection.
Third thing.
Why are you then storing the UserID and Password returned from the database in local variables? You already have them. Also, look at having a user ID as a separate entity to the username.
Fourth thing.
Look at "Using". This will dispose of your connection, command and reader when they are finished with, without you having to explicitly do it.
Fifth thing.
MsgBox does not work on web stuff. (Unless you've got a function somewhere that is mapping MsgBox to stuff that does work)
Now that that is out of the way...
I take it you are storing the staff department in the user table? If not, do it.
Create a table, something like LogonActions(Department int, URL varchar(255))
Here's a slightly better version of your code, but it still has a lot of work that needs doing to it.
Private Sub ConnectToSQL1()
Using con As New SqlConnection, cmd As New SqlCommand
con.ConnectionString = "Data Source = (localdb)\MSSQLLocalDB; Initial Catalog = NipunDB; Integrated Security = True"
con.Open()
cmd.Connection = con
cmd.CommandText = "SELECT UserId, URL FROM UdeepData u, LogonActions l WHERE UserID = @UserName AND Password = @Password AND u.Department = l.Department"
cmd.Parameters.AddWithValue("UserName", txtudeepusername.Text)
cmd.Parameters.AddWithValue("Password", txtudeeppass.Text)
Dim userFound As Boolean = False
Dim UserId As String = ""
Dim URL As String = ""
Using lrd As SqlDataReader = cmd.ExecuteReader()
Do While lrd.Read
userFound = True
UserId = lrd("UserId").ToString
URL = lrd("URL").ToString
Loop
End Using
End Using
If userFound = True Then
Response.Redirect(URL)
Else
MsgBox("Sorry, username or password not found")
End If
End Sub
Your code has a LOT of issues in it, the redirecting to the other place should be your lowest priority concern with this at the moment.
Submit an article or tip