I am having trouble with my Login Page!!!

Question

0.00/5 (No votes)

See more:

This is my new code. I went back and deleted some things and add some also. When I run this code I get this error: Ambiguous column name 'EmailAddress'. What does this mean and what is the code to fix it?

C#

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {

        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["PassConnectionString"].ConnectionString);
      con.Open();

      string insCmd = "Insert into TableSecurity (EmailAddress, Password, Level) values (@EmailAddress, @Password, @Level)";
      SqlCommand insertUser = new SqlCommand(insCmd, con);
      insertUser.Parameters.AddWithValue("@EmailAddress", TextBox1.Text);
      insertUser.Parameters.AddWithValue("@Password", TextBox2.Text);
      insertUser.Parameters.AddWithValue("@Level", TextBox1.Text);

 string cmdStr="select count(*) from TableCEO, TableIALO where EmailAddress='" + TextBox1.Text + "'";
        SqlCommand Checkuser=new SqlCommand (cmdStr,con);
        int temp=Convert.ToInt32(Checkuser.ExecuteScalar().ToString());
        if (temp==1)
        {
            string cmdStr2="Select Password from TableSecurity where Password='" + TextBox2.Text + "'";
            SqlCommand pass=new SqlCommand(cmdStr2, con);
            string password=pass.ExecuteScalar().ToString();

     

            if(password == TextBox2.Text)
            {
                Session["New"] = TextBox1.Text;
                Response.Redirect("Secure.aspx");
            }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Invalid Password!!!";
            }
        }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Invalid UserName!!!";
            }
        }
    protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e)
    {

    }
}

[edit]Code block added - OriginalGriff[/edit]

Posted 30-Apr-13 2:44am

Computer Wiz99

Updated 30-Apr-13 5:05am

OriginalGriff

v6

Add a Solution

Comments

rmksiva 30-Apr-13 8:51am

Hi,

SqlCommand cmd2 = new SqlCommand("select role from users where EmailAddress=@str", conn);
cmd.Parameters.Add(new SqlParameter("@str", str));

Check 2 line not cmd- cmd2

Computer Wiz99 30-Apr-13 9:05am

What do you mean? Where are you talking about?

Computer Wiz99 30-Apr-13 10:54am

I have updated my code.

Kamalkant(kk) 30-Apr-13 9:08am

SqlCommand cmd2 = new SqlCommand("select role from users where EmailAddress=@str", conn);
cmd.Parameters.Add(new SqlParameter("@str", str));
SqlDataReader dr2 = cmd2.ExecuteReader();

In The place of str u just pass the EmailAddress as input variable.

Computer Wiz99 30-Apr-13 9:13am

Ok. How can i change it. Because I can't login to the site.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2013-04-30T03:12:00

Solution 1

Most likely, the email address you are reading back is null - so the paramater value is being passed through as a null value and SQL complains.

Two suggestions for you:
1) Don't use the email address as a user id - create a userID column instead and use that to tie your two (or more) tables together. (It can be int and Identity, or GUID - your choice). Emails are not necessarily unique, or unchanging and you want a nice simple value for that field.
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

Or alternatively, just implement Membership[^] and let the system handle all this - it's a lot easier and works better too!

Posted 30-Apr-13 3:12am

OriginalGriff

Comments

Computer Wiz99 30-Apr-13 9:15am

Thanks. This is just a test run. Not really going to post this site. Just testing the code to see if it can work if I write it this way. Please help on the other question.

OriginalGriff 30-Apr-13 9:31am

It doesn't matter if you are planning on posting it or not. It's worth doing it right anyway, because it encourages sloppy goding otherwise. And in the real world, "it'll do for testing" tends to end up in production because it seems to work and you never get the chance to go back to do it properly.
What other question?

Computer Wiz99 30-Apr-13 9:43am

Ok. I get what you are saying. I have updated my code. I can't seem to login and the username I am using is in the security table.

OriginalGriff 30-Apr-13 9:51am

Doesn't mean it has a non-null email address though.

Computer Wiz99 30-Apr-13 10:12am

Ok. I am upgrading my code.

Computer Wiz99 30-Apr-13 10:53am

I have updated my code.

OriginalGriff 30-Apr-13 11:07am

Since EmailAddress exists in both tables, it can't decide which one to compare against. Either specify the table explicitly, or use a JOIN instead.

Computer Wiz99 30-Apr-13 11:17am

ok thanks.