It fires as soon as the text changes and they way you are concatenating the text value of your textbox text value is causing an unexpected value to be in the WHERE clause. You could have done something like this:
if (IsPostBack)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HOTConnectionString"].ConnectionString);
con.Open();
string cmdStr = "select count(*) from Tablepass where EmailAddress=@TextBoxEA";
SqlCommand userExist = new SqlCommand(cmdStr, con);
SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
userExist.Parameters.AddWithValue("@TextboxEA", TextBoxEA.Text);
int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
if (temp == 0)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
}
}
}
Also, you have been told numerous times that this sort of code leaves you vulnerable to SQL injection. It would be in your best interest to revise it using parameterized queries.
[EDIT]
int loginAttempts = 0;
if (IsPostBack)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HOTConnectionString"].ConnectionString);
con.Open();
string cmdStr = "select count(*) from Tablepass where EmailAddress=@TextBoxEA";
SqlCommand userExist = new SqlCommand(cmdStr, con);
SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
userExist.Parameters.AddWithValue("@TextboxEA", TextBoxEA.Text);
int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
if (temp == 0)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
loginAttempts++;
}
else if (loginAttempts == 5)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);
}
}
}
This checks how many times they have attempted to login and then will show the register message after 5 attempts(which could be any number). Your "else" could do the login if the user entered data is valid.
[/EDIT]