Comments by Abdullaziz Said (Top 7 by date)

any solution or any help plz

string name = "";
if (Session["usernames"] != "" & Session["usernames"] != null)
{
name = Session["usernames"].ToString();
SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["soom_dbConnectionString"].ConnectionString);
SqlCommand command = new SqlCommand("SELECT user_type FROM user_data where user_name='"+name+"'");
command.Connection = connection;
command.CommandType = CommandType.Text;
connection.Open();
SqlDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection);
if (reader.HasRows)
{

reader.Read();

if (reader["user_type"]== "1")
{
Response.Redirect("../admincp/Default.aspx");

}
else
{
Response.Redirect("../Access_Denied.aspx");

}
}

when i use this code and iam sure that the user_type value is 1 it's redirect me to access_denied.aspx idk Why
and when i change the code to
string name = "";
if (Session["usernames"] != "" & Session["usernames"] != null)
{
name = Session["usernames"].ToString();
SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["soom_dbConnectionString"].ConnectionString);
SqlCommand command = new SqlCommand("SELECT user_type FROM user_data where user_name='"+name+"'");
command.Connection = connection;
command.CommandType = CommandType.Text;
connection.Open();
SqlDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection);
if (reader.HasRows)
{

reader.Read();
string type = reader["user_type"].ToString();
if (type == "1")
{
Response.Redirect("../admincp/Default.aspx");
//Response.Redirect("../Access_Denied.aspx");
}
else
{
Response.Redirect("../Access_Denied.aspx");
//Response.Redirect("../admincp/Default.aspx");
}
}
i enter infinite loop :( i hate my self i can't focus
waiting for the best answer
thanks in advance

thanks man i solve it

string action = Request.QueryString["action"];
string id = Request.QueryString["id"];
if (action == "state" && id != "")
{
SqlConnection cn =
new SqlConnection(ConfigurationManager.ConnectionStrings["soom_dbConnectionString"].ConnectionString);
SqlCommand cmd = new SqlCommand(
"SELECT * FROM [user_data] WHERE user_id='" + id + "'", cn);
cmd.CommandType = CommandType.Text;
cmd.Connection.Open();
SqlDataReader dr = cmd.ExecuteReader();

if (dr.HasRows)
{
while (dr.Read())
{
string user_ststus = dr["user_status"].ToString();
if (user_ststus == "True")
{
SqlConnection cne = new SqlConnection(ConfigurationManager.ConnectionStrings["soom_dbConnectionString"].ConnectionString);
SqlCommand cmdz = new SqlCommand("Update [user_data] set user_status ='" + 0 + "' WHERE user_id='" + id + "';", cne);
cmdz.Connection = cne;
cmdz.CommandType = CommandType.Text;
cne.Open();
cmdz.ExecuteScalar();
cne.Close();
stat_id.Attributes["class"] = "alert alert-success";
insert_status.Text = "تم تعديل حالة العضو الي غير مفعلة !! ";
}
else if (user_ststus == "False")
{
SqlConnection cne = new SqlConnection(ConfigurationManager.ConnectionStrings["soom_dbConnectionString"].ConnectionString);
SqlCommand cmdz = new SqlCommand("Update [user_data] set user_status ='" + 1 + "' WHERE user_id='" + id + "';", cne);
cmdz.Connection = cne;
cmdz.CommandType = CommandType.Text;
cne.Open();
cmdz.ExecuteScalar();
cne.Close();
stat_id.Attributes["class"] = "alert alert-success";
insert_status.Text = "تم تعديل حالة العضو الي مفعلة !! ";
}


}
}

}

i want to know how to create them first :)