private void btnCustomFind_Click(object sender, EventArgs e) { con.Open(); SqlCommand cmd = con.CreateCommand(); cmd.CommandType = CommandType.Text;
cmd.CommandText = "select Contact from Login where Username='" + txtName.Text + "' ";
txtNumber.Text = Convert.ToString(cmd.ExecuteScalar());
con.Close();
return;
}
So above is my code when the user enters their username, their contact will show.
However, due to security reasons, if the user knows 1 or more different usernames, the user can easily gather their personal particulars. I have a database called "Login" where i keep every User's login.
1) How do I limit the Find to only one user? The one user being the one who logged in.