I am in the process of creating an asp.net web app in C# using Visual Studio. I have a registration page for parents that stores information in a database table I have created. I now need to create a login page that if username and password are entered correctly, the user will be redirected to a payment page.
What I have so far works to an extent. I will show my code, along with a screenshot of the main error. If anyone can point out where I am going wrong, I would really appreciate it.
username + password = CORRECT - I receive "password is correct" text
username + password = BOTH WRONG - I receive "username is not correct" text
username (NOT correct) + password (CORRECT) - I receive "username is not correct" text
username (CORRECT) + password (NOTcorrect) - I get this error (see screenshot)
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Configuration;
using System.Data.SqlClient;
namespace Coursework
{
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void loginButton_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["newregDBConnectionString"].ConnectionString);
conn.Open();
string checkUser = "select count(*) from parent where parentID='" + userText.Text + "'";
SqlCommand com = new SqlCommand(checkUser, conn);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
conn.Close();
if (temp == 1)
{
conn.Open();
string checkPassword = "select password from parent where password='" + passText.Text + "'";
SqlCommand passCom = new SqlCommand(checkPassword, conn);
string password = passCom.ExecuteScalar().ToString().Replace(" ","");
if(password == passText.Text)
{
Session["New"] = userText.Text;
Response.Write("Password is correct");
}
else
{
Response.Write("Password is not correct");
}
}
else
{
Response.Write("Username is not correct");
}
conn.Close();
}
}
}