Hey guys, I'm working on a chat application, and to display online users I'm using a database table of online users where data is inserted when a user's session is created after login, but on running the code I can't see any data getting into the table of online users.
The code is:
C#
protected void btnLogin_Click(object sender, EventArgs e)
{

    cmd.CommandText = "select * from register where username='" + txtUsername.Text + "'and password='" + txtPassword.Text + "'";
    con.Open();
    dr = cmd.ExecuteReader();
    if (dr.HasRows)
    {
        con.Close();
        cmd.CommandText = "insert into onlineUsers values('" + txtUsername.Text + "','" + DateTime.Now + "','" + DateTime.UtcNow + "')";
        con.Open();
        cmd.ExecuteNonQuery();
        con.Close();
        Session["username"] = null;
        Session["username"] = txtUsername.Text;
        Response.Redirect("UserDefault.aspx");
    }
    else
    {
        con.Close();
        lblUsername.Visible = true;
        lblUsername.Text = "USERNAME DOES NOT EXISTS";
        lblUsername.ForeColor = System.Drawing.Color.Red;
    }
}
Updated 11-Apr-15 21:39pm
Comments
DamithSL 12-Apr-15 0:43am    
update the question with your code
Arkadeep De 12-Apr-15 1:57am    
share the code....

First of all, your code is SQL Injection vulnerable.

How to protect your site from SQL Injection attacks?
How To: Protect From SQL Injection in ASP.NET
Stop SQL Injection Attacks Before They Stop You
SQL Injection and how to avoid it
Dynamic SQL & SQL injection

Secondly, your insert statement is wrong, because you missed the destination fields. The proper insert statement is:
SQL
INSERT INTO onlineUsers (Field1, Field2, Field3)
VALUES (val1, val2, val3)


Third of all, in the Page_Load event for UserDefault.aspx, write code to get the count of logged-in users.
The SQL query might look like:
SQL
SELECT COALESCE(COUNT(*),0) AS CountOfUsers
FROM onlineUsers
WHERE DateField BETWEEN DATEADD(dd, -1, GETDATE()) AND GETDATE() 


For further information, please see:
Page Events
DATEADD
COALESCE
COUNT
 
 
And to add to what Maciej Los says, you should never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.

To give you an idea how bad it is considered: CommitStrip
 
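The fixes the first two answers describe (parameterized queries, an explicit column list on the INSERT, and no clear-text password comparison), shown together as an added example that is not part of the original thread. It assumes SQL Server via System.Data.SqlClient, PBKDF2 (Rfc2898DeriveBytes) as the password hash, and hypothetical names: the columns passwordHash, passwordSalt, loginLocal and loginUtc, and the helper LoginHelper.TryLogin.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
// Assumed schema: register(username, passwordHash, passwordSalt), onlineUsers(username, loginLocal, loginUtc)
public static class LoginHelper
{
    // PBKDF2-SHA256; the salt is per-user random bytes (at least 8) stored beside the hash.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }
    // Constant-time compare so timing does not reveal how many bytes matched.
    static bool SlowEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    public static bool TryLogin(string connectionString, string username, string password)
    {
        using (var con = new SqlConnection(connectionString))
        {
            con.Open();
            byte[] hash, salt;
            using (var cmd = new SqlCommand(
                "SELECT passwordHash, passwordSalt FROM register WHERE username = @u", con))
            {
                cmd.Parameters.Add("@u", SqlDbType.NVarChar, 50).Value = username;
                using (var dr = cmd.ExecuteReader())
                {
                    if (!dr.Read()) return false; // unknown user
                    hash = (byte[])dr["passwordHash"];
                    salt = (byte[])dr["passwordSalt"];
                }
            }
            if (!SlowEquals(hash, HashPassword(password, salt))) return false;
            // Explicit column list plus parameters: user input never becomes SQL text.
            using (var cmd = new SqlCommand(
                "INSERT INTO onlineUsers (username, loginLocal, loginUtc) VALUES (@u, @l, @t)", con))
            {
                cmd.Parameters.Add("@u", SqlDbType.NVarChar, 50).Value = username;
                cmd.Parameters.Add("@l", SqlDbType.DateTime).Value = DateTime.Now;
                cmd.Parameters.Add("@t", SqlDbType.DateTime).Value = DateTime.UtcNow;
                return cmd.ExecuteNonQuery() == 1;
            }
        }
    }
}
```

In btnLogin_Click, set Session["username"] and redirect only when TryLogin returns true.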
 
As already mentioned by another user, your code is open to SQL Injection attacks.
Second, you need to update your question with your code.
I have understood the following:

You have only shown the code where the user provides a user name and password to log in. As soon as the user is logged in, you are saving records into another table named "onlineUsers".

You have not pasted the code where you want to show the online users. Basically, what you need to do is the following:

Create a query which gets all records from onlineUsers, and then display those records somewhere.

Problem in your solution:

What would happen if a user logged out from the application? Please make sure to remove the records of a user who has logged out from the onlineUsers table.
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
