im actually doing a ecommerce dynamic website using asp.net.
my code for button login is as below.
May i know the origin of the error? or how it happened
protected void btnLogin_Click(object sender, EventArgs e)
{
OleDbConnection mDB = new OleDbConnection();
mDB.ConnectionString = "Provider = Microsoft.Jet.OLEDB.4.0;Data source="
+ Server.MapPath("~/App_Data/webBase.mdb");
mDB.Open();
OleDbCommand cmd;
OleDbDataReader rdr;
String strSql1 = "SELECT * FROM customersTable";
cmd = new OleDbCommand(strSql1, mDB);
rdr = cmd.ExecuteReader();
while (rdr.Read() == true)
{
if (txtUserId.Text == (string)rdr["cUserId"] && txtPassword.Text == (string)rdr["cPassword"])
{
Session["sFlag"] = "T"; // sFlag = "T" means user has logged in
Session["sName"] = rdr["cName"];
Session["sUserId"] = rdr["cUserId"];
Session["sAddress"] = rdr["cAddress"];
Session["sEmail"] = rdr["cEmail"];
Session["sTel"] = rdr["cTel"];
lblMessage.Text = "Welcome " + Session["sName"];
btnUpdateData.Visible = true;
btnLogOut.Visible = true;
String strOFlag = "F";
// check to see if there is an active order record - inserted to allow buying
String strUserId = (string)Session["sUserId"];
String strSql2 = "SELECT oStatus FROM ordersTable "
+ "WHERE oUserId = " + "'" + strUserId + "'" + "ORDER BY oOrderNo DESC;";
cmd = new OleDbCommand(strSql2, mDB);
rdr = cmd.ExecuteReader();
Boolean booRows = rdr.HasRows; // rdr.HasRows is true when there are recordsif (booRows) // when booRows is true, there are order records for the user
{
rdr.Read();
if ((string)rdr["oStatus"] != "Ordering")
{
strOFlag = "T"; // =”T” means there is a need to generate a new order number
}
else
{
strOFlag = "T";
}
}
if (strOFlag == "T")
{
// insert a new order record
String strStatus = "Ordering";
String strSQL3 = "INSERT INTO ordersTable (oUserId, oStatus) VALUES ("
+ "'" + strUserId + "'" + ", " + "'" + strStatus + "')";
cmd = new OleDbCommand(strSQL3, mDB);
cmd.ExecuteNonQuery();
}
// get back order No - this order No is needed when the user buys an item
String strSql4 = "SELECT oOrderNo FROM ordersTable "
+ "WHERE oUserId = " + "'" + strUserId + "'" + "ORDER BY oOrderNo DESC;";
cmd = new OleDbCommand(strSql4, mDB);
rdr = cmd.ExecuteReader();
rdr.Read();
Session["sOrderNo"] = rdr["oOrderNo"]; // store the active order no in sOrderNo
mDB.Close();
Response.Redirect("Home.aspx");
}
}// userid and password not matched, hence login unsuccessful
btnLogOut.Visible = false;
btnUpdateData.Visible = false;
Session["sFlag"] = "F";
Session["sName"] = "";
Session["sUserId"] = "";
lblMessage.Text = "Error in login - Please login again ";
}
protected void btnLogOut_Click(object sender, EventArgs e)
{
btnLogOut.Visible = false;
btnUpdateData.Visible = false;
Session["sFlag"] = "L"; // L for logout
Session["sName"] = "";
Session["sUserId"] = "";
Session["sOrderNo"] = "";
txtUserId.Text = "";
}
protected void btnUpdateData_Click(object sender, EventArgs e)
{
Response.Redirect("UpdateCust.aspx");
}
}
the picture attached when there is a error is below
