
#1 jesders88

Getting Select query values on webpage after login

Posted 12 December 2013 - 03:16 PM

I have a login page and I can get logged in just fine based on my database. Problem is when I try to retrieve the values from the database and output them to the screen I can't get the values. Can someone help me figure out the problem I have going on?
Code below.


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class login : System.Web.UI.Page
{
    
    protected void Page_Load(object sender, EventArgs e)
    {
        txtUser.Focus();
        badUserPassCombo.Visible = false;
        if (Page.IsPostBack)
        {
            SqlConnection dbConnection = new SqlConnection("Data Source=.\\SQLEXPRESS;Integrated Security=True");
            try
            {

                dbConnection.Open();
                dbConnection.ChangeDatabase("BedNBreakfast");
                SqlCommand sqlCommand = new SqlCommand("SELECT * FROM Customer WHERE userName ='"
                    + txtUser.Text + "' AND userPassword = '" + txtPassword.Text + "'", dbConnection);


                SqlDataReader curUser = sqlCommand.ExecuteReader();
                if (curUser.Read())
                {
                    Session["userName"] = curUser["userName"].ToString();
                    Session["userPassword"] = curUser["userPassword"].ToString();

                    Response.Redirect("showUserInfo.aspx");
                }
                else
                {
                    // Failed login: return focus to the user field and show the error message.
                    txtUser.Focus();
                    badUserPassCombo.Visible = true;
                    badUserPassCombo.Text = "Bad UserName and/or Password";
                }

            }
            catch (SqlException exception)
            {
                Response.Write("<p>Error code " + exception.Number
                    + ": " + exception.Message + "</p>");
            }
            dbConnection.Close();
        }
    }
}


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class showUserInfo : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string firstName="";
        
        lblWelcome.Visible = true;
        
       
            SqlConnection dbConnection = new SqlConnection("Data Source=.\\SQLEXPRESS;Integrated Security=True");
            try
            {

                dbConnection.Open();
                dbConnection.ChangeDatabase("BedNBreakfast");
                SqlCommand sqlCommand = new SqlCommand("SELECT * FROM Customer WHERE firstName ='" + firstName +
                    "' AND middleName = '" + Session["middleName"] +
                    "' AND lastName = '" + Session["lastName"] +
                    "' AND phoneNumber = '" + Session["phoneNumber"] +
                    "' AND emailAddress = '" + Session["emailAddress"] +
                    "' AND cardNumber = '" + Session["cardNumber"] +
                    "' AND cardExpiration = '" + Session["cardExpiration"] +
                    "' AND cardType = '" + Session["cardType"] +
                    "' AND cardSecurityCode = '" + Session["cardSecurityCode"] +
                    "' AND comments = '" + Session["comments"] +
                    "' AND userName = '" + Session["userName"] +
                    "' AND userPassword = '" + Session["userPassword"] + 
                "'", dbConnection);
                

                SqlDataReader curUser = sqlCommand.ExecuteReader();
                if (curUser.Read())
                {
                  
                   lblWelcome.Text += "<h1>Welcome " +firstName + "<br/>Below Is Your Current Information<br/><br/></h1>";
                   Response.Write(curUser["firstName"]);
                    

                    
                    
                    
                }
                else
                {
                   
                lblWelcome.Text = Session["userName"].ToString();

            }}
            catch (SqlException exception)
            {
                Response.Write("<p>Error code " + exception.Number
                    + ": " + exception.Message + "</p>");
            }
            dbConnection.Close();
        }
    }





Replies To: Getting Select query values on webpage after login

#2 andrewsw

Re: Getting Select query values on webpage after login

Posted 12 December 2013 - 03:51 PM

Do you receive any errors?

But you are setting firstname to "" and then attempting to select customers based on this firstname.

You should also check all your session-data. But why are you attempting to match records based on ALL of this data? A single space in the wrong place would return no records. Typically, records should be selected based on an id number, or a match, or partial match, on two or three fields. Attempting to exactly match 10 fields will always be error-prone, and should not be necessary. (Added: In particular, attempting to match 'comments' is most likely to fail.)



You should also investigate prepared statements.

This post has been edited by andrewsw: 12 December 2013 - 03:56 PM
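
One way to apply the two suggestions in the reply above (select the record by a single key, and use a prepared, parameterized statement), as an added example that is not code from the thread. The helper name `CustomerLookup.FindByUserName` and the parameter size of 50 are assumptions; the table, column names and server come from the posted code.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class CustomerLookup
{
    // Same server as the posted code; the database is named here
    // instead of calling ChangeDatabase after Open().
    private const string ConnectionString =
        "Data Source=.\\SQLEXPRESS;Initial Catalog=BedNBreakfast;Integrated Security=True";

    // Hypothetical helper: returns the display fields for one customer,
    // or null when no row matches the user name.
    public static Dictionary<string, string> FindByUserName(string userName)
    {
        // One key in the WHERE clause, and only the columns the page shows.
        const string sql =
            "SELECT customerID, firstName, lastName, emailAddress " +
            "FROM Customer WHERE userName = @userName";

        using (var connection = new SqlConnection(ConnectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // The value is sent as a typed parameter, separate from the SQL text,
            // so a quote character in it cannot change the statement.
            // Size 50 is an assumed column width; Prepare() needs an explicit size.
            command.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value =
                userName ?? string.Empty;

            connection.Open();
            command.Prepare();

            using (SqlDataReader reader = command.ExecuteReader())
            {
                if (!reader.Read())
                    return null;

                var row = new Dictionary<string, string>();
                for (int i = 0; i < reader.FieldCount; i++)
                    row[reader.GetName(i)] = Convert.ToString(reader.GetValue(i));
                return row;
            }
        }
    }
}
```

The `using` blocks close the reader and connection on every path, including when a `SqlException` is thrown.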


#3 jesders88

Re: Getting Select query values on webpage after login

Posted 12 December 2013 - 08:01 PM

So I got the information back and the only problem is that I now have information that is outside the webpage. It doesn't show up in the webpage wrapper rather it shows on the background of the website if that makes sense? Can you tell me why that is?

Attached is the aspx file and aspx.cs file.


<%@ Page Language="C#" AutoEventWireup="true" CodeFile="showUserInfo.aspx.cs" Inherits="showUserInfo" %>
<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title>MJ's Bed N' Breakfast</title>
    <link rel="stylesheet" type="text/css" href="css/styles.css" />
</head>
<body>
    <div id ="wrapper">

        
    <nav>
            <div id="leftNav">
            <a href="index.aspx">Home</a>
            <a href="about.aspx">About</a>
            <a href="contact.aspx">Contact</a>
            </div>
            
        <div id="rightNav">
            <a href="login.aspx">Login</a>
            <a href="register.aspx">Register</a>
        </div>
            
 
               
    </nav>
        
      <header>
       <img src="images/banner.jpg" />
      </header>
                
   
        <div>
          <asp:Label runat="server" ID="lblWelcome"></asp:Label><br />
            <asp:Table runat="server" ID ="showUserInfoTable">
                <asp:TableRow runat="server" ID="customerID"></asp:TableRow>
            </asp:Table>
        </div>
        
        <footer>
            Copyright&copy; 2013 MJ's Bed N' Breakfast
        </footer>
        
      

    </div>
   
 
      

</body>
</html>




using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class showUserInfo : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

        
        lblWelcome.Visible = true;
        
       
            SqlConnection dbConnection = new SqlConnection("Data Source=.\\SQLEXPRESS;Integrated Security=True");
            try
            {

                dbConnection.Open();
                dbConnection.ChangeDatabase("BedNBreakfast");
                SqlCommand sqlCommand = new SqlCommand("SELECT * FROM Customer WHERE userName ='" + Session["userName"] + "'", dbConnection);
                

                SqlDataReader curUser = sqlCommand.ExecuteReader();
                if (curUser.Read())
                {
                  
                   lblWelcome.Text += "<h1>Welcome " + curUser["userName"] + "<br/>Below Is Your Current Information<br/><br/></h1>";
                  

                     Response.Write("<table width ='250px' border ='1'>");
            
            do
            {
                
               
                Response.Write("<tr><td>" + curUser["customerID"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["firstName"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["middleName"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["lastName"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["phoneNumber"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["emailAddress"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["cardNumber"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["cardExpiration"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["cardType"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["cardSecurityCode"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["comments"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["userName"] + "</td></tr>");
                Response.Write("<tr><td>" + curUser["userPassword"] + "</td></tr>");
             
            }
            while (curUser.Read());
            Response.Write("</table>");

        }
        else
        {
            Response.Write("<p>No Current Users.</p>");
            curUser.Close(); dbConnection.Close();
        }
            }
            catch (SqlException exception)
            {
                Response.Write("<p>Error code " + exception.Number
                    + ": " + exception.Message + "</p>");
            }
            dbConnection.Close();
        }
    }




#4 Nakor

Re: Getting Select query values on webpage after login

Posted 15 December 2013 - 11:17 AM

You really shouldn't be using Response.Write to create your html. Add controls to your page and set their values instead.
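
A sketch of the approach suggested above, as an added example that is not code from the thread: rows are added to the page's existing `showUserInfoTable` control, so they render inside the wrapper div instead of being written to the response before the page markup. The class and method names are hypothetical, and the field values are assumed to arrive as plain strings.

```csharp
using System.Collections.Generic;
using System.Web;
using System.Web.UI.WebControls;

public static class UserInfoRenderer
{
    // Hypothetical helper: sets the welcome label from a database value.
    public static void SetWelcome(Label label, string userName)
    {
        // Label.Text is emitted as raw HTML, so the stored value is encoded
        // before it is placed between the fixed tags.
        label.Text = "<h1>Welcome " + HttpUtility.HtmlEncode(userName) + "</h1>";
    }

    // Hypothetical helper: adds one name/value row per field to a server-side table.
    public static void Fill(Table table, IEnumerable<KeyValuePair<string, string>> fields)
    {
        foreach (KeyValuePair<string, string> field in fields)
        {
            var row = new TableRow();
            // TableCell.Text is also emitted as raw HTML; encoding keeps markup
            // stored in a field such as comments from being rendered as HTML.
            row.Cells.Add(new TableCell { Text = HttpUtility.HtmlEncode(field.Key) });
            row.Cells.Add(new TableCell { Text = HttpUtility.HtmlEncode(field.Value) });
            table.Rows.Add(row);
        }
    }
}

// Usage inside showUserInfo.Page_Load, where "fields" holds the values read
// from the Customer row (constructed here for illustration):
//   var fields = new Dictionary<string, string> { { "firstName", "Sample" } };
//   UserInfoRenderer.SetWelcome(lblWelcome, "sampleUser");
//   UserInfoRenderer.Fill(showUserInfoTable, fields);
```

Rows added in code are not kept in view state, so they have to be added on every request, postbacks included.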