There are many ways to approach this scenario and accomplish what you are trying to write. The above sample code posted by shweta123 is a nice example, but I do recommend taking a slightly different road.
The example above uses in-line SQL statements, one major mistake if you want to become a victim of SQL injection attacks. But it really just depends on how secure and "code tight" you want your application. In the beginning, I think every developer used in-line SQL, but as we continue to learn from others and keep an open mind, every developer I know uses stored procedures to accomplish these types of tasks.
I am going to provide you with an example of how my team would write out this type of EXAMPLE code to check the database for User Name, Password and Email so we can continue with the script. We would have all of this code broken down into different layers (Data Access, Business Logic and Presentation), but this is a simple code example.
THIS EXAMPLE BELOW IS RELATED TO SIGNING UP A USER, BUT YOU CAN GATHER THE SYNTAX FROM IT TO CHECK WHETHER THE USER'S USERNAME AND PASSWORD ARE CORRECT.
DATABASE TABLE -
App_Users (DATABASE TABLE)
- UserID (integer)
- UserName (nvarchar(64))
- UserPassword (nvarchar(256))
- UserEmail (nvarchar(50))
DATABASE STORED PROCEDURE -

    CREATE PROCEDURE [App_Users_SignUpUser]
    (
        @UserName nvarchar(64),
        @UserPassword nvarchar(256),
        @UserEmail nvarchar(50)
    )
    AS
    IF EXISTS(SELECT UserID FROM App_Users WHERE UserName = @UserName OR UserEmail = @UserEmail)
    BEGIN
        -- USER EXISTS SO THROW ERROR IN CODE MATCHING VALUE USEREXISTS AND HAVE USER FILL OUT DIFFERENT INFORMATION
        -- return table 1
        SELECT 'UserExists' AS 'STATUS'
    END
    ELSE
    BEGIN
        -- USER DOES NOT EXIST YOU CAN CONTINUE CREATING NEW USER
        -- return table 1
        SELECT 'NoUserExisted' AS 'STATUS'
        -- insert new user information into table
        INSERT INTO App_Users ( UserName, UserPassword, UserEmail ) VALUES ( @UserName, @UserPassword, @UserEmail )
    END
    GO

C# ASP.NET 2.0 CODE
Assuming you already have the items below, here is the code-behind page:
- Three textbox server controls and a button on the page with the OnClick event equal to btnSignIn_Click
- Downloaded SQL Helper from Microsoft (I can provide this if needed)
- You have a connection string declared in your web.config

    // at the top of the code-behind file
    using System;
    using System.Configuration;             // ConfigurationManager
    using System.Data;                      // DataSet
    using System.Drawing;                   // Color
    using Microsoft.ApplicationBlocks.Data; // SqlHelper

    public DataSet App_Users_SignUpUserMethod(string userName, string userPassword, string userEmail)
    {
        DataSet ds = new DataSet();

        try
        {
            // this sets up connection string from web.config file
            // in order for the configuration manager to display, you
            // must declare using System.Configuration namespace at top of page
            string strMyConnectionString = ConfigurationManager.ConnectionStrings["MY_DB_CONN"].ConnectionString;

            // this sqlhelper saves lots of time
            // the values are passed as stored procedure parameters, not as SQL text
            ds = SqlHelper.ExecuteDataset(strMyConnectionString, "App_Users_SignUpUser", userName, userPassword, userEmail);
        }
        catch (Exception)
        {
            // rethrow and keep the original stack trace
            throw;
        }

        return ds;
    }

    protected void btnSignIn_Click(object sender, EventArgs e)
    {
        string userName = txtUserName.Text.Trim();
        string userPassword = txtUserPassword.Text.Trim();
        string userEmail = txtUserEmail.Text.Trim();

        DataSet ds;
        ds = App_Users_SignUpUserMethod(userName, userPassword, userEmail);

        // this STATUS is what is returned from the stored procedure
        string status = ds.Tables[0].Rows[0]["STATUS"].ToString();

        // now we want to specify what we are doing next depending
        // on what status was returned from the database
        try
        {
            switch (status)
            {
                case "NoUserExisted":
                    // now you can write your method here for next step
                    // maybe you want to redirect them to thank you page
                    // note: this information has been inserted
                    // into the database because the user did not exist
                    // the break keeps this case from sharing the "UserExists" branch
                    break;

                case "UserExists":
                    // now because a user exists with this information
                    // you may want to let them know in a label server control
                    lblMessage.Visible = true;
                    // in order for color.red to show, you must declare
                    // using System.Drawing namespace at top of page
                    lblMessage.ForeColor = Color.Red;
                    lblMessage.Text = "User Name / Email Already Exists";
                    break;
            }
        }
        catch (Exception)
        {
            // rethrow and keep the original stack trace
            throw;
        }
    }

SHORT ENDING
Please remember every developer has their own style of coding. So once you find yours, you will be able to accomplish anything you set your mind to and be able to do it in your own way. This example is simply how we would have written it quickly. Also, of course, I don't recommend using raw text for passwords stored in the database either, so you may want to look into Rijndael encryption methods to encrypt the users' passwords.
ALSO, IF YOU WANT AN EXAMPLE ON FORMS AUTHENTICATION WE MAY WANT TO TYPE IT UP IN A DIFFERENT THREAD.
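
Added example, not part of the original post or the poster's team code: the sign-up call from the post made with plain ADO.NET and explicitly typed parameters, with the concatenated in-line form the post warns about shown first for contrast. The class and method names (SignUpData, UserExistsInline, SignUp) are hypothetical; the procedure name, column sizes and connection string name are taken from the post.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class for illustration; not from the original post.
public static class SignUpData
{
    private static string ConnStr
    {
        get { return ConfigurationManager.ConnectionStrings["MY_DB_CONN"].ConnectionString; }
    }

    // ANTI-PATTERN (in-line SQL): the input is pasted into the statement text,
    // so a quote character in userName changes what the server parses.
    public static bool UserExistsInline(string userName)
    {
        string sql = "SELECT COUNT(*) FROM App_Users WHERE UserName = '" + userName + "'";
        using (SqlConnection conn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // Stored procedure call: values are sent as typed parameters, never as SQL text.
    public static string SignUp(string userName, string userPassword, string userEmail)
    {
        // ADO.NET silently truncates strings longer than the declared Size,
        // so reject oversized input instead of storing a cut-off value.
        if (userName.Length > 64 || userPassword.Length > 256 || userEmail.Length > 50)
            throw new ArgumentException("Input is longer than the App_Users column allows.");

        using (SqlConnection conn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand("App_Users_SignUpUser", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 64).Value = userName;
            cmd.Parameters.Add("@UserPassword", SqlDbType.NVarChar, 256).Value = userPassword;
            cmd.Parameters.Add("@UserEmail", SqlDbType.NVarChar, 50).Value = userEmail;
            conn.Open();
            // First column of the first result set: "UserExists" or "NoUserExisted".
            return (string)cmd.ExecuteScalar();
        }
    }
}
```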