Reputation: 359
Assuming that I'm on http://localhost:7924/default and I type the login info, here is what happens in each scenario:
1. If password is wrong (or correct) + login_name doesn't exist => refresh page
2. If password is wrong + login_name exists (correct) => going to error_page
3. If both are correct => redirected to CP.aspx
// Login handler as posted (the behaviour described above is the bug being asked about:
// when no row comes back, the while loop body never runs and nothing redirects).
string text = username_login.Text;
string str2 = password_login.Text;
SqlConnection sqlcon = new SqlConnection(Functions.Auth());
SqlCommand sqlcmd = new SqlCommand();
sqlcmd.CommandText = "SELECT TOP 1 password FROM dbo.Accounts WHERE login_name = @login_name";
sqlcmd.Parameters.Add("@login_name", System.Data.SqlDbType.NVarChar).Value = text;
sqlcmd.CommandType = System.Data.CommandType.Text;
sqlcmd.Connection = sqlcon;
sqlcon.Open();
SqlDataReader sqlreader = sqlcmd.ExecuteReader();
string returnString = String.Empty;
while (sqlreader.Read())
{
    // Stored value is MD5("5487" + password); compare against the hash of the supplied password
    if (sqlreader["password"].ToString() == Functions.CreateMD5Hash("5487" + str2.ToString()))
    {
        this.Session["logged_in"] = "true";
        this.Session["username"] = text;
        base.Response.Redirect("/CP.aspx");
    }
    else
    {
        base.Response.Redirect("/error_page?err=login-fail");
    }
}
Both 2 and 3 work as they should; however, the first one does not. I don't understand why it only refreshes the page instead of going to the error page, since the details are wrong (since it cannot make the comparison).
EDIT: I also checked if password is NULL => redirect to error_page, but that refreshes the page as well.
Upvotes: 1
Views: 1487
Reputation: 898
I have modified your code; check it, this will solve your problem.
public static string ReplaceAll(String Str)
{
    // Strips quotes and semicolons and trims whitespace. Note: blacklisting characters
    // is not a substitute for parameterised queries, so the query below uses parameters.
    Str = Str.Replace("'", " ");
    Str = Str.Replace(";", " ");
    Str = Str.TrimStart();
    Str = Str.TrimEnd();
    return Str;
}
public void MyFunction()
{
    string text = ReplaceAll(username_login.Text);
    // Stored passwords are MD5("5487" + password), so hash the input before comparing
    string hashed = Functions.CreateMD5Hash("5487" + password_login.Text);
    SqlConnection sqlcon = new SqlConnection(Functions.Auth());
    SqlDataAdapter sda = new SqlDataAdapter(
        "SELECT TOP 1 password FROM dbo.Accounts WHERE login_name = @login_name AND password = @password",
        sqlcon);
    sda.SelectCommand.Parameters.Add("@login_name", System.Data.SqlDbType.NVarChar).Value = text;
    sda.SelectCommand.Parameters.Add("@password", System.Data.SqlDbType.NVarChar).Value = hashed;
    DataTable dt = new DataTable();
    sda.Fill(dt);
    // A matching row means both login name and password were correct; anything else is a failure
    if (dt.Rows.Count > 0)
    {
        this.Session["logged_in"] = "true";
        this.Session["username"] = text;
        base.Response.Redirect("/CP.aspx");
    }
    else
    {
        base.Response.Redirect("/error_page?err=login-fail");
    }
}
Upvotes: 0
Reputation: 27585
Technically: 1. if sqlreader has no rows, or 2. if none of the conditions in the while loop is true, the same page is rendered. But to refresh the page, you can use Response.Redirect(Request.RawUrl). I'd like to make some changes in your code, just a little bit:
// since you are selecting 1 top row, you would get 0 or 1 row at all.
// so you don't need to use `while`; an `if` does well.
// also, you won't need to check `sqlreader.HasRows`,
// because `if (sqlreader.Read())` does the same.
if (sqlreader.Read())
{
    if (sqlreader["password"].ToString() == Functions.CreateMD5Hash("5487" + str2.ToString()))
    {
        this.Session["logged_in"] = "true";
        this.Session["username"] = text;
        base.Response.Redirect("/CP.aspx");
    }
    else
    {
        base.Response.Redirect("/error_page?err=login-fail");
    }
}
// there is no need for an `else`: if no row was read, we reach this line and just redirect:
Response.Redirect(Request.RawUrl);
Upvotes: 1
Reputation: 56
You just need to check if it has any value.
if (sqlreader.HasRows)
{
    // the existing while (sqlreader.Read()) loop goes here
}
else
{
    // refresh page code here
}
Also you might want to think about a better architecture: n-tier, with a Presentation Layer, Business Layer and Data Access Layer.
Upvotes: 4
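The following is an added example, not code from the question or any of the answers above. It puts the point made by the answers (a reader with no rows never enters the loop, so test `Read()` / `HasRows` before comparing) into a small self-contained program, and also removes the difference between the question's scenarios 1 and 2: an unknown login name and a wrong password both produce the same `Failure` result, so the page no longer tells a caller which login names exist. Assumptions: `CreateMD5Hash` is taken to behave like the question's `Functions.CreateMD5Hash` (lowercase hex of MD5); the database is replaced by a `DataTableReader` built from a constructed in-memory table so the code runs offline (`SqlDataReader` derives from the same `DbDataReader` base, so `ReadStoredHash` and `CheckLogin` work unchanged on the real query result); the account and password are made up. The constant `"5487"` prefix and MD5 are kept only to match the question's storage scheme; a real login should store passwords with a per-user salt and a slow hash such as PBKDF2.

```csharp
using System;
using System.Data;
using System.Data.Common;
using System.Security.Cryptography;
using System.Text;

public enum LoginResult { Success, Failure }

public static class LoginExample
{
    // Constant prefix used in the question's code. Kept for fidelity only; not a real salt.
    const string Prefix = "5487";

    // Assumed equivalent of the question's Functions.CreateMD5Hash: lowercase hex of MD5(input).
    public static string CreateMD5Hash(string input)
    {
        using var md5 = MD5.Create();
        byte[] hash = md5.ComputeHash(Encoding.UTF8.GetBytes(input));
        return BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
    }

    // Reads at most one row. Returns null when the reader has no rows (login_name does not exist)
    // or when the password column is NULL; this is the case the question's while-loop silently skips.
    public static string ReadStoredHash(DbDataReader reader)
    {
        if (!reader.Read())
            return null;
        return reader["password"] as string; // DBNull is not a string, so a NULL column gives null
    }

    // Single decision point: unknown user, NULL password and wrong password all map to Failure,
    // so the response does not reveal whether the login name exists.
    public static LoginResult CheckLogin(DbDataReader reader, string suppliedPassword)
    {
        string stored = ReadStoredHash(reader);
        // Hash the input before branching so the work done is the same whether or not the user exists.
        string candidate = CreateMD5Hash(Prefix + suppliedPassword);
        if (stored == null)
            return LoginResult.Failure;
        byte[] a = Encoding.ASCII.GetBytes(stored);
        byte[] b = Encoding.ASCII.GetBytes(candidate);
        // Length mismatch returns false; equal lengths are compared in constant time.
        return CryptographicOperations.FixedTimeEquals(a, b) ? LoginResult.Success : LoginResult.Failure;
    }

    // Constructed stand-in for
    //   SELECT TOP 1 password FROM dbo.Accounts WHERE login_name = @login_name
    // exposed through the same DbDataReader abstraction that SqlDataReader implements.
    public static DbDataReader QueryStub(string loginName)
    {
        var table = new DataTable();
        table.Columns.Add("password", typeof(string));
        if (loginName == "alice")                      // constructed sample account
            table.Rows.Add(CreateMD5Hash(Prefix + "correct horse"));
        return table.CreateDataReader();
    }

    public static void Main()
    {
        Console.WriteLine(CheckLogin(QueryStub("alice"), "correct horse")); // known user, right password
        Console.WriteLine(CheckLogin(QueryStub("alice"), "wrong"));         // known user, wrong password
        Console.WriteLine(CheckLogin(QueryStub("nobody"), "anything"));     // unknown user: no row to read
    }
}
```

In the page handler, the result of `CheckLogin` is what decides between `Response.Redirect("/CP.aspx")` and `Response.Redirect("/error_page?err=login-fail")`; the reader and connection should be wrapped in `using` blocks so they are closed even when the redirect throws `ThreadAbortException` under Web Forms.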