Click here to Skip to main content
15,905,420 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
AM a final year student of osun state university Nigeria,studying computer science, am writing a project on Secure E-Voting System using and C# but having issue with my code on the log on side.

THis is the ASP Design

<%@ Page Title="Log In" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true"
    CodeFile="Login.aspx.cs" Inherits="Account_Login" %>

<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">

        Log In to Your Voter Account
        Please enter your username and password.
        <asp:HyperLink ID="RegisterHyperLink" runat="server" EnableViewState="false">Register</asp:HyperLink> if you don't have an account.

    <asp:Login ID="LoginUser" runat="server" >
            <span class="failureNotification">
                <asp:Literal ID="FailureText" runat="server"></asp:Literal>
            <asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="failureNotification"
            <div class="accountInfo">
            <form id="form1" runat="server">
                <fieldset class="login">
                    <legend>Voters Information</legend>
                        <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label>
                        <asp:TextBox ID="txtUserName" runat="server" CssClass="textEntry"></asp:TextBox>
                        <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
                             CssClass="failureNotification" ErrorMessage="User Name is required." ToolTip="User Name is required."
                        <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
                        <asp:TextBox ID="txtPassword" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
                        <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
                             CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Password is required."
                        <asp:CheckBox ID="RememberMe" runat="server"/>
                        <asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
                <p class="submitButton">
                    <asp:Button ID="LoginButton" runat="server" CommandName="Login" OnClick="LoginButton_Click" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>

The Code side C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class Account_Login : System.Web.UI.Page

    protected void Page_Load(object sender, EventArgs e)
        RegisterHyperLink.NavigateUrl = "VResgister.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);
    protected void LoginButton_Click(object sender, EventArgs e)
        SqlConnection con = new SqlConnection("Data Source=SUNKEE-PC;Initial Catalog=voters; User ID=sa;Password=password1");
        SqlCommand cmd = new SqlCommand();
        cmd.Connection = con;
        string sql;
        sql = "exec Logon'" + txtUserName.text + "', '" + txtPassword.text + "'";
        cmd.CommandText = sql;
        SqlDataReader dr = cmd.ExecuteReader();
        if (dr.Read())


the error is showing is :

Server Error in '/E-Voting' Application.
Compilation Error
Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.

Compiler Error Message: CS0103: The name 'txtUserName' does not exist in the current context

Source Error:

Line 21:         cmd.Connection = con;
Line 22:         string sql;
Line 23:         sql = "exec Logon'" + txtUserName.text + "', '" + txtPassword.text + "'";
Line 24:         cmd.CommandText = sql;
Line 25:         con.Open();

Source File: c:\Users\Sunkee\Documents\Visual Studio 2010\WebSites\E-Voting\voting\Login.aspx.cs    Line: 23

Show Detailed Compiler Output:

Show Complete Compilation Source:

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272
Updated 8-Mar-13 23:05pm
Richard MacCutchan 9-Mar-13 5:27am    
The message looks reasonably clear; you do not have a variable called txtUserName. You are also creating your SQL commands in a dangerous way (string concatenation) which can lead to SQL injection, and the total destruction of your database.

1 solution

As Richard MacCutchan suggests, please read this: How to: Protect From Injection Attacks in ASP.NET[^], especially Step 4. Use Command Parameters for SQL Queries.

Then check this line:
sql = "exec Logon'" + txtUserName.text + "', '" + txtPassword.text + "'";

Does txtUserName and txtPassword is the name of TextBox control? If yes, try this:
String uName = Me.txtUserName.Text;
String uPass = Me.txtPassword.Text;
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900