Facing problem while executing VB.NET query


Dim con As SqlConnection
con = New SqlConnection("server=chinna; uid=sa; pwd=136018@h; database=icms")
con.Open()
Dim cmd As SqlCommand
' The query text is built by concatenating the textbox input
cmd = New SqlCommand("select pass from personal where idno=" & TextBox1.Text, con)
cmd.CommandType = CommandType.Text
Dim rdr As SqlDataReader
rdr = cmd.ExecuteReader
If rdr.Read() Then
    TextBox2.Text = rdr.ToString()
    Response.Redirect("default.aspx")
Else
    MsgBox("incorrect password")
End If

You need to use parameters in the query:

cmd = New SqlCommand("select pass from personal where idno=@param", con)
cmd.Parameters.AddWithValue("@param", TextBox1.Text)
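
A fuller version of the parameterized lookup, as an added example (not code from the question or the answer). It assumes idno is an integer column and that the caller passes in the connection string; PasswordLookup and GetPass are hypothetical names.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module PasswordLookup
    ' Hypothetical helper: returns the stored "pass" value for the given idno,
    ' or Nothing when the input is not a valid id or no row matches.
    ' connectionString comes from the caller (for example from protected
    ' configuration) instead of being hard-coded next to the query.
    Function GetPass(connectionString As String, idnoText As String) As String
        ' Assumption: idno is an integer column. Anything that does not parse
        ' as an integer is rejected before the database is contacted.
        Dim idno As Integer
        If Not Integer.TryParse(idnoText, idno) Then
            Return Nothing
        End If

        ' Using blocks close the connection and command even if an exception is thrown.
        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand("SELECT pass FROM personal WHERE idno = @idno", con)
                ' Typed parameter: the value travels separately from the SQL text,
                ' so it is never parsed as part of the statement.
                cmd.Parameters.Add("@idno", SqlDbType.Int).Value = idno
                con.Open()

                ' ExecuteScalar returns Nothing when no row matches and
                ' DBNull.Value when the column itself is NULL.
                Dim result As Object = cmd.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return Nothing
                End If
                Return result.ToString()
            End Using
        End Using
    End Function
End Module
```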
