Create store procedure in sql query analyser
CREATE PROCEDURE sp_chkadmin
@login_id varchar(50),
@password varchar(50)
as begin
select * from where login_id = @login_id and password =@password
end
GO
protected void butlogin_ServerClick1(object sender, EventArgs e)
{
string username = txtlogin.Value.ToString().Replace("'", "''");
string password = txtpassword.Value.ToString().Replace("'", "''");
int isUserExist=0;
isUserExist = IsUserExist(username, password);
if (isUserExist == 1)
{
Session["admin"] = username;
Response.Redirect("next.aspx");
}
else
{
lblhead.Text = "Please Enter Correct Username or Password !";
lblhead.Visible = true;
}
}
public int IsUserExist(string id,string pass)
{
string CONN_STRING = System.Configuration.ConfigurationSettings.AppSettings["urlString"]
.ToString();//"provider=sqloledb;server=aaa;uid=aa;pwd=aa;";
SqlConnection conn = new SqlConnection(CONN_STRING);
SqlCommand cmd = new SqlCommand();
SqlDataAdapter da = new SqlDataAdapter();
DataSet ds =new DataSet() ;
int iRows = 0;
try
{
cmd.Connection = conn;
if (conn.State == ConnectionState.Closed) conn.Open();
// conn.Open();
cmd.Parameters.Clear();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "sp_chkadmin";
cmd.Parameters.Add(new SqlParameter("@login_id", SqlDbType.VarChar));
cmd.Parameters["@login_id"].Value = id;
cmd.Parameters.Add(new SqlParameter("@password", SqlDbType.VarChar));
cmd.Parameters["@password"].Value = pass;
da.SelectCommand = cmd;
iRows = Convert.ToInt32(cmd.ExecuteScalar());
}
catch (Exception ex)
{
}
finally
{
if (conn.State == ConnectionState.Open) conn.Close();
}
return iRows;
}
Tuesday, July 8, 2008
Subscribe to:
Post Comments (Atom)
1 comment:
Thanks Dear it's realy helpful for us
Post a Comment