Hi,
my first post on here so please forgive me if its done badly.
I have an asp login page connected to sql database. user logs in based on information matching the sql table. I have also got a session functioning. I am i the very early days of my project. so after i log the user in they are redirected to a Dashboard page and i can display their user id which was assigned to the session. The next step is i want to display other attributes from the database table like name and age etc.
so this is the code i have on the login page:
protected void Button1_Click(object sender, EventArgs e) { try { string uid = TextBox1.Text; string pass = TextBox2.Text; myCon.Open(); string qry = "select userId from users where userId='" + uid + "' and Password='" + pass + "'"; SqlCommand cmd = new SqlCommand(qry, myCon); SqlDataReader sdr = cmd.ExecuteReader(); if (sdr.Read()) { Session["userId"] = uid.Trim(); Response.Redirect("Dashboard.aspx"); } else { Label4.Text = "UserId & Password Is not correct Try again..!!"; } myCon.Close(); } catch(Exception ex){ Response.Write(ex.Message); } }
On the dashboard page i have the following:
protected void Page_Load(object sender, EventArgs e) { if (Session["userId"] == null) Response.Redirect("Login.aspx"); SessionLabel.Text = "Username : " + Session["userId"]; } protected void ButtonLogout_Click(object sender, EventArgs e) { Session.Abandon(); Response.Redirect("Login.aspx"); }
Do i need to define another connection now and create another select based on the session information or what is good practice to pull in sql data after a login?
Many Thnaks
Gus