Hi,
my first post on here so please forgive me if its done badly.
I have an asp login page connected to sql database. user logs in based on information matching the sql table. I have also got a session functioning. I am i the very early days of my project. so after i log the user in they are redirected to a Dashboard page and i can display their user id which was assigned to the session. The next step is i want to display other attributes from the database table like name and age etc.
so this is the code i have on the login page:
protected void Button1_Click(object sender, EventArgs e)
{
try
{
string uid = TextBox1.Text;
string pass = TextBox2.Text;
myCon.Open();
string qry = "select userId from users where userId='" + uid + "' and Password='" + pass + "'";
SqlCommand cmd = new SqlCommand(qry, myCon);
SqlDataReader sdr = cmd.ExecuteReader();
if (sdr.Read())
{
Session["userId"] = uid.Trim();
Response.Redirect("Dashboard.aspx");
}
else
{
Label4.Text = "UserId & Password Is not correct Try again..!!";
}
myCon.Close();
}
catch(Exception ex){
Response.Write(ex.Message);
}
}
On the dashboard page i have the following:
protected void Page_Load(object sender, EventArgs e)
{
if (Session["userId"] == null)
Response.Redirect("Login.aspx");
SessionLabel.Text = "Username : " + Session["userId"];
}
protected void ButtonLogout_Click(object sender, EventArgs e)
{
Session.Abandon();
Response.Redirect("Login.aspx");
}
Do i need to define another connection now and create another select based on the session information or what is good practice to pull in sql data after a login?
Many Thnaks
Gus