My site provides two services, a social portal and an event calendar. I have a login page and an information page; the information page provides links to the social portal and the event calendar. I have also written the code for the event calendar. My problem is this: when a user logs in, goes to the information page and clicks on EventCalender, he/she should only access the events that he/she set, i.e. only the information that this user entered should be displayed.


that is two databasetables


tablename User
ID            int
Email         varchar(500)
Password      varchar(500)
Name          varchar(500)
Country       varchar(500)
LastLogin     datetime
RegisterDate  datetime
Description   Varchar(500)
ImageName     Varchar(500)


tablename Events

EventId
EventName     Varchar(600)
EventDate     datetime



code is below i want help that Events relate to login

Mainlogin.cs
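// Sign-in check: look up the stored password for the submitted e-mail address and
// compare it with the submitted password.
// NOTE(review): the value read back and compared below is a clear-text password.
// Store a salted, slow password hash (for example PBKDF2) and compare hashes instead;
// that needs a schema and data migration, so it is flagged here rather than changed.
bool userFound = false;
using (SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\omar\Documents\Visual Studio 2005\WebSites\Project2\App_Data\Database.mdf;Integrated Security=True;User Instance=True"))
using (SqlCommand com = new SqlCommand("Select Password from [User] Where Email=@Email", con))
{
    // Bind the e-mail as a parameter so the text box content is never parsed as SQL.
    com.Parameters.AddWithValue("@Email", TextBox1.Text);
    con.Open();
    using (SqlDataReader rd = com.ExecuteReader())
    {
        while (rd.Read())
        {
            s = rd[0].ToString();
            userFound = true;
        }
    }
    // The using blocks close the reader and the connection even if the query throws.
}

// s is declared outside this snippet, so its value when no row matches is unknown here.
// Requiring a matching row keeps a leftover or default value of s from authenticating
// an e-mail address that is not in the table.
if (userFound && s == TextBox2.Text)
{
    Session["Email"] = TextBox1.Text;
    Response.Redirect("information.aspx");
}
else
{
    // Same message for an unknown e-mail and a wrong password, so the response does
    // not reveal which accounts exist.
    Response.Write("<script language='javascript'>alert( 'Invalid password or Email ' )</script>");
}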

information.cs
/// <summary>
/// Event handler that redirects the browser to the event calendar page.
/// </summary>
/// <param name="sender">Not used by this handler.</param>
/// <param name="e">Not used by this handler.</param>
protected void LinkButton3_Click(object sender, EventArgs e)
{
    // App-relative URL ("~/") so the target resolves from the application root.
    string calendarPage = "~/EventCalender.aspx";
    Response.Redirect(calendarPage);
}
  /// <summary>
  /// Event handler that redirects the browser to the social portal page.
  /// </summary>
  /// <param name="sender">Not used by this handler.</param>
  /// <param name="e">Not used by this handler.</param>
  protected void LinkButton4_Click(object sender, EventArgs e)
  {
      // App-relative URL ("~/") so the target resolves from the application root.
      string portalPage = "~/SocialPortal.aspx";
      Response.Redirect(portalPage);
  }

Eventcalender.cs


    // Connection created in Page_Load and reused by Calendar1_SelectionChanged.
    SqlConnection mycn;
    // Adapter used to fill the data sets; reassigned in Page_Load and in Calendar1_SelectionChanged.
    SqlDataAdapter myda;
    // Filled in Page_Load with the rows of the Events table; read by CalenderDRender.
    DataSet ds = new DataSet();
    // Events for the date selected in the calendar; created in Calendar1_SelectionChanged.
    DataSet dsSelDate;
    // Connection string, assigned in Page_Load.
    String strConn;
    /// <summary>
    /// Creates the page's connection and loads the Events table into <c>ds</c>.
    /// </summary>
    /// <param name="sender">Not used by this handler.</param>
    /// <param name="e">Not used by this handler.</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        // NOTE(review): this query returns every row of Events, and nothing in this
        // handler reads Session["Email"], so the data is neither limited to the
        // signed-in user nor guarded by a sign-in check here. Filtering per user
        // needs a user column on Events, which the listed table does not have.
        const string allEventsQuery = "Select * FROM Events";

        strConn = "Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Users\\omar\\Documents\\Visual Studio 2005\\WebSites\\Project2\\App_Data\\Database.mdf;Integrated Security=True;User Instance=True";
        mycn = new SqlConnection(strConn);

        // The connection is kept in mycn because Calendar1_SelectionChanged reuses it.
        myda = new SqlDataAdapter(allEventsQuery, mycn);
        myda.Fill(ds, "Table");
    }
    /// <summary>
    /// Day-render handler: blanks the cells of days outside the displayed month and
    /// colours the cell of any day whose date equals an event's EventDate.
    /// </summary>
    /// <param name="sender">Not used by this handler.</param>
    /// <param name="e">Supplies the day being rendered and its table cell.</param>
    protected void CalenderDRender(object sender, System.Web.UI.WebControls.DayRenderEventArgs e)
    {
        // Days that belong to the previous or next month are hidden.
        if (e.Day.IsOtherMonth)
        {
            e.Cell.Text = "";
            return;
        }

        string nullMarker = DBNull.Value.ToString();
        foreach (DataRow eventRow in ds.Tables[0].Rows)
        {
            // Rows without an event date cannot be cast to DateTime, so skip them.
            if (eventRow["EventDate"].ToString() == nullMarker)
            {
                continue;
            }

            DateTime eventDate = (DateTime)eventRow["EventDate"];

            // Exact DateTime equality: the stored value must match the rendered day exactly.
            if (eventDate.Equals(e.Day.Date))
            {
                e.Cell.BackColor = Color.PaleVioletRed;
            }
        }
    }
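    /// <summary>
    /// Loads the events whose EventDate equals the selected calendar date and shows
    /// them in <c>DataGrid1</c>; the grid is hidden when there are none.
    /// </summary>
    /// <param name="sender">Not used by this handler.</param>
    /// <param name="e">Not used by this handler.</param>
    protected void Calendar1_SelectionChanged(object sender, EventArgs e)
    {
        // Bind the date as a typed parameter instead of formatting it into the SQL
        // text, so every query on this page is built the same way as the insert in
        // Button1_Click and no string conversion of the date is involved.
        myda = new SqlDataAdapter("Select * from Events where EventDate=@eventdate", mycn);
        myda.SelectCommand.Parameters.Add("@eventdate", SqlDbType.DateTime).Value = Calendar1.SelectedDate;

        dsSelDate = new DataSet();
        myda.Fill(dsSelDate, "AllTables");

        // NOTE(review): like the query in Page_Load, this one is not limited to the
        // signed-in user.
        if (dsSelDate.Tables[0].Rows.Count == 0)
        {
            DataGrid1.Visible = false;
        }
        else
        {
            // NOTE(review): EventName is free text entered in Button1_Click; confirm
            // that the grid's columns HTML-encode it before it is written to the page.
            DataGrid1.Visible = true;
            DataGrid1.DataSource = dsSelDate;
            DataGrid1.DataBind();
        }
    }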
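    /// <summary>
    /// Inserts a new row into Events from the name in <c>TextBox1</c> and the date
    /// text in <c>TextBox2</c>.
    /// </summary>
    /// <param name="sender">Not used by this handler.</param>
    /// <param name="e">Not used by this handler.</param>
    /// <exception cref="FormatException">The date text cannot be converted to a date.</exception>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // Convert first: invalid date text fails here, before a connection is opened.
        DateTime mydate = Convert.ToDateTime(TextBox2.Text);

        // NOTE(review): the insert does not record which user created the event; the
        // Events table as listed has no user column, so events cannot be tied to the
        // signed-in user until one is added and filled from server-side session state.
        using (SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Users\\omar\\Documents\\Visual Studio 2005\\WebSites\\Project2\\App_Data\\Database.mdf;Integrated Security=True;User Instance=True"))
        using (SqlCommand com = new SqlCommand("insert into Events(EventName,EventDate) values(@eventname,@eventdate)", con))
        {
            com.Parameters.Add("@eventname", SqlDbType.VarChar).Value = TextBox1.Text;

            // Pass the converted DateTime rather than the raw text, so the value that
            // was validated above is the value that gets stored.
            com.Parameters.Add("@eventdate", SqlDbType.DateTime).Value = mydate;

            con.Open();
            com.ExecuteNonQuery();
            // The using blocks release the command and connection even if the insert throws.
        }
    }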
}


[edit]Code block added, "Ignore HTML..." option disabled - OriginalGriff[/edit]
Posted
Updated 5-May-11 22:28pm
v3

The first thing you need to do is include another field in your Events table to hold the User ID. Then, when you create the event, you insert the User ID along with the date it is due, and the event name.

When you log them in, you then read back from the Events table only those where the User ID is the same as the logged in user.
// Parameterized query: the user ID is bound as @ID instead of being concatenated into the SQL text.
// The userID column is the new Events field described above; it has to be added to the table first.
// loggedInUserID is not defined in the question's code: it stands for the ID of the user who
// just signed in. Take it from server-side state set at login (for example a Session value),
// not from a form field or query string the browser can change.
SqlCommand com = new SqlCommand("SELECT * FROM Events WHERE userID=@ID", con);
com.Parameters.AddWithValue("@ID", loggedInUserID);


BTW, that brings me to my next point: do not concatenate strings to make your SQL statements - it leaves you wide open to an accidental or deliberate SQL injection attack which could delete your entire database. Use Parametrized queries, as I did above. They also make code more readable:
// Before: the text box content is concatenated into the SQL string, so whatever the
// user typed becomes part of the statement that the database parses.
string query = "Select Password from [User] Where Email='" + TextBox1.Text + "'";
SqlCommand com = new SqlCommand(query, con);
SqlDataReader rd;
rd = com.ExecuteReader();
Becomes
// After: the SQL text is a constant and the e-mail travels separately as the @EMAIL
// parameter, so it is treated as data only.
string query = "Select Password from [User] Where Email=@EMAIL";
SqlCommand com = new SqlCommand(query, con);
com.Parameters.AddWithValue("@EMAIL", TextBox1.Text);
SqlDataReader rd;
rd = com.ExecuteReader();


And (hopefully) my final point: never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
 
 
Comments
[no name] 6-May-11 8:43am    
can you tell me what is loggedInUserID where i put above query in calender.cs
OriginalGriff 6-May-11 8:52am    
It's the ID of the user you just logged-in in your MainLogin.cs file...
[no name] 6-May-11 9:36am    
where i put above query in Eventcalender.cs
[no name] 6-May-11 9:57am    
i improve question plz check i put you tell in EventCalende.cs
I hope I understood your question right. What you want is a relation between the logged-in user and his EventsCalender. You can manage this by adding a UserID property to the EventCalender table. Then when the user creates a Event you store his UserID with the event so you can access his personal Events by adding a "where UserID=logged-in user ID"-statement to your SQL query when you get the Events.
 
 
v2
Comments
[no name] 6-May-11 9:57am    
i improve question plz check can i do right?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


