Reputation: 17
Here's the template's HTML form:

    <form class="form-login" action="index.html">
        <h2 class="form-login-heading">sign in now</h2>
        <div class="login-wrap">
            <input type="text" class="form-control" placeholder="User ID" autofocus="autofocus">
            <br>
            <input type="password" class="form-control" placeholder="Password">
            <label class="checkbox">
                <span class="pull-right">
                    <a data-toggle="modal" href="login.html#myModal"> Forgot Password?</a>
                </span>
            </label>
            <button class="btn btn-theme btn-block" href="index.html" type="submit"><i class="fa fa-lock"></i> SIGN IN</button>
        </div>
    </form>

Here's my modification to it:

    <form id="form1" runat="server" class="form-login" method="post" action="HomeDoc.aspx">
        <div>
            <h2 class="form-login-heading">sign in now</h2>
            <div class="login-wrap">
                <input type="text" class="form-control" placeholder="User ID" id="userid" runat="server" autofocus="autofocus"/>
                <br/>
                <input type="password" class="form-control" placeholder="Password" id="password" runat="server" />
                <label class="checkbox">
                    <span class="pull-right">
                        <a data-toggle="modal" href="StaffLogin.aspx#myModal"> Forgot Password?</a>
                    </span>
                </label>
                <button class="btn btn-theme btn-block" runat="server" type="submit"><i class="fa fa-lock"></i> SIGN IN</button>
            </div>
        </div>
    </form>

Output: So far, the page I intend to redirect the user to is being loaded every time I click the submit button, irrespective of the userid/password.
Question: What I want to do is compare the values of the 2 inputs here with the values in my SQL Server db using C#.
Also, I know the C# code for setting up a connection and comparing values with the db for web forms. So, what specific changes to bring to that code for HTML form inputs?
Please help. Thanks.
EDIT: Sorry for not providing the back end code. Here (ignore any trivial syntax errors):

    using System;
    using System.Data;
    using System.Data.SqlClient;

    public partial class StaffLogin : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void Login_Click(object sender, EventArgs e)
        {
            String getTextValuesUserID = Page.Request.Form["userid"].ToString();
            String getTextValuesPassword = Page.Request.Form["password"].ToString();

            //setting up connection with database
            SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\v11.0;AttachDbFilename=C:\\Users\\Pavel\\Documents\\Visual Studio 2013\\WebSites\\IMS\\App_Data\\DatabaseIMS.mdf;Integrated Security=True");
            con.Open();
            SqlCommand cmd = new SqlCommand("select * from Doctor where userid=@userid and password=@password", con);
            cmd.Parameters.AddWithValue("@userid", getTextValuesUserID);
            cmd.Parameters.AddWithValue("@password", getTextValuesPassword);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (dt.Rows.Count > 0)
            {
                // Response.Redirect("UserLoggedIn.aspx");
                Response.Redirect("HomeDoc.aspx");
            }
            else
            {
                //javascript for invalid username and password Alert box
                ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and password')</script>");
            }
        }
    }

Upvotes: 1
Views: 1942
Reputation: 13600
You have multiple problems in your code, I'll point out just a few of them. Before putting this site online, PLEASE, do some research on proper C# programming, because this is just plain wrong...
1.) If you use input fields with the runat attribute, you can access their values in code-behind using their IDs! It's much better than searching for them in the Request collection,
so in your case, instead of

    string getTextValuesPassword = Page.Request.Form["password"].ToString();

you can just say

    string myPassword = password.Value;

2.) You should learn to close SqlConnection and dispose of external resources.
3.) Every time you store a user's password, you SHOULD NEVER store it in plain text!!! Learn about proper hashing ASAP.
4.) You should never store a connection string like this in a .cs file. It can change or you may have to use it in multiple places. Store it at least in web.config.
5.) .....
To address your specific problem, you are indeed comparing the values to the database values, BUT, you're not actually logging in the user. You need to do some research at least on basic Forms authentication, or if you need a more advanced scenario, you can use ASP.NET Identity.
Upvotes: 3
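
The points in the answer above, combined into one code-behind as an added example (not code from either poster): disposed connections, a connection string read from web.config, a salted PBKDF2 hash check instead of a plain-text comparison, and a Forms authentication cookie on success. It assumes the form posts back to StaffLogin.aspx (no `action="HomeDoc.aspx"`, which is why HomeDoc.aspx loads on every submit), the button carries `onserverclick="Login_Click"`, web.config has Forms authentication enabled, and the hypothetical names `IMS` (connection string), `PasswordHash` and `PasswordSalt` (varbinary columns in `Doctor`) exist.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.Security;

public partial class StaffLogin : System.Web.UI.Page
{
    // Assumed work factor; the stored hashes must have been created with the same value.
    const int Iterations = 100000;

    protected void Login_Click(object sender, EventArgs e)
    {
        // runat="server" inputs are reachable by id; HtmlInputText exposes Value.
        if (VerifyPassword(userid.Value, password.Value))
            FormsAuthentication.RedirectFromLoginPage(userid.Value, false); // issues the auth cookie
        else
            ClientScript.RegisterStartupScript(GetType(), "validation",
                "alert('Invalid user ID or password');", true);
    }

    static bool VerifyPassword(string user, string pass)
    {
        // "IMS" is an assumed <connectionStrings> entry in web.config.
        string cs = ConfigurationManager.ConnectionStrings["IMS"].ConnectionString;
        using (var con = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "select PasswordHash, PasswordSalt from Doctor where userid=@userid", con))
        {
            cmd.Parameters.AddWithValue("@userid", user);
            con.Open();
            using (SqlDataReader row = cmd.ExecuteReader())
            {
                if (!row.Read()) return false;            // unknown user
                var stored = (byte[])row["PasswordHash"]; // assumed column names
                var salt = (byte[])row["PasswordSalt"];   // at least 8 random bytes per user
                using (var kdf = new Rfc2898DeriveBytes(pass, salt, Iterations))
                    return FixedTimeEquals(stored, kdf.GetBytes(stored.Length));
            }
        }
    }

    // Compare every byte so the result does not depend on where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

HomeDoc.aspx still has to be listed under an `<authorization>` rule that denies anonymous users; otherwise it stays reachable without the cookie.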