|
|||||||||
|
|||||||||
|
|||||||||
 |
|||||||||
| |
||
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
|
|||||||||
| |
||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
ASP Free Forums Sponsor:
|
|
Ajax Application Generator Generate database and reporting .NET Web apps in minutes. Quickly create visually stunning, feature-rich apps that are easy to customize and ready to deploy. Download Now!
|
|
#1
April 15th, 2008, 03:01 PM
|
|||
|
|||
|
Getting the register/ login feature to work
can someone please help me to fix my webpage.
i have created a register page which links to a database in visual web devloper. now when i try to login to the site with those detils i dont know if it works. what i have been trying to do is shown when the user is login by display their name. this is the code for the home page where the login is. Code:
<asp:Label ID="lblError" runat="server" ForeColor="Red" Style="z-index: 102; left: 716px;
position: absolute; top: 128px"></asp:Label>
<asp:Label ID="Label3" runat="server" Text="User" style="z-index: 103; left: 647px; position: absolute; top: 55px"></asp:Label>
<asp:TextBox ID="txtUserName" runat="server" style="z-index: 104; left: 720px; position: absolute; top: 54px"></asp:TextBox>
<asp:Label ID="Label4" runat="server" Text="Password" Width="52px" style="z-index: 105; left: 647px; position: absolute; top: 88px"></asp:Label>
<asp:TextBox ID="txtPassword" runat="server" style="z-index: 106; left: 721px; position: absolute; top: 85px"></asp:TextBox>
<asp:Button ID="btnButton" runat="server" Text="Login" style="z-index: 107; left: 649px; position: absolute; top: 125px" /><br />
<
this is the code for the register form that links to the database
Protected Sub btnRegister_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Dim sqlConnect As System.Data.SqlClient.SqlConnection
Dim sqlInsertCommand As System.Data.SqlClient.SqlCommand
Dim addStr As String
addStr = "('" & txtUser.Text & "','" & txtPassword.Text & "','" & txtConfirm.Text & "','" & txtName.Text & "','" & txtSurname.Text & "','" & txtHouseNo.Text & "','" & txtStreet.Text & "','" & txtTown.Text & "','" & txtPostCode.Text & "','" & txtTelNo.Text & "','" & txtMobile.Text & "','" & txtEmail.Text & "')"
sqlConnect = New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirector y|\MediaDirect.mdf;Integrated Security=True;User Instance=True")
sqlConnect.Open()
sqlInsertCommand = New System.Data.SqlClient.SqlCommand("INSERT INTO Customer ([UserName],[Password],[ConfirmPassword],[Name],[SurName],[HouseNo],[StreetName],[Town],[Postcode],[Telephone],[Mobile],[EmailAddress]) VALUES" & addStr, sqlConnect)
sqlInsertCommand.ExecuteNonQuery()
sqlConnect.Close()
Response.Redirect("RegisterComplete.aspx")
End Sub
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
End Sub
Last edited by lewy : April 15th, 2008 at 10:47 PM. Reason: Added [code][/code] tags, please do this yourself next time
|
|
#3
April 16th, 2008, 08:36 AM
|
||||
|
||||
|
Quote:
After the Click event executes, have you looked at your table with SQL Management Studio? Was the record inserted like you expected? I assume that the query executes, since you are not getting an exception. The other is just ASP mark-ups that in themselves don't DO anything. What do you expect to be displayed? I don't see a click event for your button.
__________________
Wolffy ------------------------ Opinions expressed are my own and do not necessity reflect those of any sane person. Any code provided is intended to be an example and is provided AS IS. Rework for your specific environment may be required. Void where prohibited by law. Not valid in California. Your mileage may vary. Not FDIC insured
|
|
#4
April 16th, 2008, 09:51 AM
|
|||
|
|||
|
the register details works fine. the details get stored into the database. but when i try to login using those details nothing happens. the user should be able to login and their name should display
|
|
#5
April 16th, 2008, 09:59 AM
|
||||
|
||||
|
Quote:
|
|
#7
April 16th, 2008, 10:27 AM
|
||||
|
||||
|
Quote:
[edit]Now I see again that you are using VWD, which I'm not familiar with. I don't know if that uses separate files for code, or if the code is in the aspx page. Either way, you need to put it someplace.[/edit] Last edited by Wolffy : April 16th, 2008 at 10:29 AM.
|
|
#9
April 16th, 2008, 11:14 AM
|
||||
|
||||
|
You coded the register button;s click event -- just do the same for your login button and query your database.
You may also want to look at http://www.asp101.com/lessons/
|
|
#10
April 16th, 2008, 12:22 PM
|
|||
|
|||
|
Does this look right?
Code:
<script runat="server">
Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Dim sqlConnect As System.Data.SqlClient.SqlConnection
Dim sqlCommandDB As System.Data.SqlClient.SqlCommand
Dim sqlInsertCommand As System.Data.SqlClient.SqlCommand
Dim toCommandCus As System.Data.SqlClient.SqlCommand = New System.Data.SqlClient.SqlCommand
Dim toAdapt As System.Data.SqlClient.SqlDataAdapter = New System.Data.SqlClient.SqlDataAdapter
Dim toCustomer As System.Data.DataSet = New System.Data.DataSet
Dim toCustomerName As System.Data.SqlClient.SqlCommand
sqlConnect = New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirector y|\MediaDirect.mdf;Integrated Security=True;User Instance=True")
sqlConnect.Open()
sqlConnect = New System.Data.SqlClient.SqlCommand("SELECT [Password] FROM [Customer] WHERE [Username] = '" txtUsername.Text & “’”, sqlConnect)
'Query to select the password
toCustomerName = New System.Data.SqlClient.SqlCommand("SELECT [name] FROM [Customer] WHERE [Username] = '" & txtUserName.Text & "'", sqlConnect)
'Create a datareader to read the field on the database
Dim DataRead As System.Data.SqlClient.SqlDataReader
DataRead = SqlCommand.ExecuteReader(System.Data.CommandBehavi or.SingleResult)
If DataRead.Read() Then
If DataRead("Password").ToString = txtPassword.Text Then
lblName.Text = "Welcome " & toCustomerName.ExecuteScalar & " To Media Direct"
lblError.Text = ""
Else
'Error message appears when the Username field matches the data in the database but the password doesn't match
lblError.Text = "Cannot find your Password"
lblError.ForeColor = Drawing.Color.Red
lblName.Text = ""
End If
Else
'Error message appears when Username doesn't match the database entry
lblError.Text = "Cannot find anything"
lblError.ForeColor = Drawing.Color.Red
lblName.Text = ""
End If
DataRead.Close()
sqlConnect.Close()
End Sub
</script>
|
|
#11
April 16th, 2008, 12:57 PM
|
|||||
|
|||||
|
And excellent first attempt. You've got a few things wrong, and you are making it more difficult than necessary.
VB.NET Code:
Line 1-6: Pretty much as in your code -- shouldn't need an explanation Line 7 Creates your connection object using the connection string provided Line 8 Creates your command object and links to your connection object Line 9 Starts your Try..Catch..Finally block, which should always be used around SQL code. Line 10: Opens the connection Line 11: Executes the query and returns the first column of the first row -- since the query will return only 1 string -- this works great here Line 12: If the query didn't match the Userid and Password, then obj will be set to Nothing (or Null for you C#'ers out there) Line 13-16: You really shouldn't give the user a clue that the password was wrong but the userid is valid. Let 'em guess. Line 18-20 Displays you welcome message if the query returns something Line 22-23 Catches an exception should something go wrong. Probably a good idea to actually do something with it other then use my static message. Look at SqlExecption class Line 24-25 The Finally block will close the connection to the database regardless of what happens in the Try...Catch. I've also included other .NET'y things that you can look up. String.Empty should be pretty obvious. String.Format is really cool and should save you from concat'ing strings together. Final comment. Once you have the above working, look at SqlParameter class. You will REALLY REALLY want to use parameters and NEVER NEVER NEVER build an SQL string like this. As an exercise to the reader, consider what would happen if I enter the following for my user id: A' OR 1=1; DELETE * FROM CUSTOMER; -- Hope this helps.
|
|
#12
April 16th, 2008, 01:15 PM
|
|||
|
|||
|
i tried this Code:
Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Dim sqlConnect As System.Data.SqlClient.SqlConnection Dim sqlCommandDB As System.Data.SqlClient.SqlCommand Dim sqlInsertCommand As System.Data.SqlClient.SqlCommand Dim toCommandCus As System.Data.SqlClient.SqlCommand = New System.Data.SqlClient.SqlCommand Dim toAdapt As System.Data.SqlClient.SqlDataAdapter = New System.Data.SqlClient.SqlDat |
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
