Click here to Skip to main content
16,016,736 members
Search within:


Code for new user related issues
Please Sign up or sign in to vote.
2.00/5 (1 vote)
See more:
C#
ASP.NET
Hi,
Am doing ma final year project on asp.net-c# which is a website for a hospital.
I've 3 questions.
1)When an user has created an account already and tries to create another account with the same name an error msg should be displayed. I've given username as primary key.

using System;
public partial class appointment : System.Web.UI.Page
{
    public SqlConnection con = new SqlConnection("Data Source=ADMINISTRATOR\\SQLEXPRESS;Initial Catalog=Hospital;Integrated Security=True");
    public SqlDataAdapter da;
    public DataSet ds;
    protected void Page_Load(object sender, EventArgs e)
    {
        lblexists.Visible = false; // label box to display an error msg
    }
    protected void btnaccount_Click(object sender, EventArgs e)
    {
        con.Open();
        { 
            SqlCommand cmd = new SqlCommand("insert into Userreg values('" + txtnewuser.Text + "','" + txtnpwd.Text + "','" + txtcpwd.Text + "','" + txtphone.Text + "','" + txtemail.Text + "','" + txtlocation.Text + "')", con);                  
            cmd.ExecuteNonQuery();           
            Page.ClientScript.RegisterStartupScript(this.GetType(), "me", "alert('Account Created succecfully')", true);            
            txtnewuser.Text = "";           
            txtnpwd.Text = "";            
            txtcpwd.Text = "";            
            txtphone.Text = "";            
            txtemail.Text = "";
            txtlocation.Text = "";
         con.Close();
        }
        Response.Redirect("reqopat.aspx");
    }
}


2)I've used a webpage where users can request an appointment. I've used 2 ddl, ddl ID=SelectASpeciality for department names and ddl ID=SelectADoctor for doctor names. When I select a department name from SelectASpeciality ddl, I wan all the doctors of that department to be displayed in SelectADoctor ddl.

3)I've created a XML file for AdRotator. But am not able add image url. How do I add image url.

Plz help me with an easy code so that i can answer ma viva questions with ease.
Posted
Updated 3-Mar-12 4:18am
v3
Add a Solution
Comments
[no name] 3-Mar-12 10:18am    
Format code snippets and only include what is necessary. The using statments were not necessary

4 solutions

First of all, NEVER accept unvalidated user input and concatenate a SQL command. EVER! Got it?!? Do some research on SQL Injection attack.

Don't instantiate your connection object globally. Create it only when necessary.

Learn to about using clause, as in 
using(SqlCommand cmd = new SqlCommand(...))
{

}


There is already a user database available with all the functionality for registration, unique naming, password reset, etc. http://msdn.microsoft.com/en-us/library/ms229862(v=vs.80).aspx[^]
 
Share this answer
 
Posted
Comments
Nisha1705 3-Mar-12 12:27pm    
Thanks for ur reply...
Sergey Alexandrovich Kryukov 3-Mar-12 18:33pm    
Good points. I added a link on SQL injection, your answer credited. We repeat it all the times.
--SA
I'm kind of surprised nobody mentioned this, but a "username" is a LOUSY primary key. DO NOT DO THAT!

Let the database autoassign ID numbers as the primary key for your user table.
 
Share this answer
 
Posted
Comments
Sergey Alexandrovich Kryukov 3-Mar-12 18:31pm    
Good point, a 5.
--SA
Dave Kreskowiak 3-Mar-12 18:33pm    
You add another column to the table, usually called Id or UserId. Since your project isn't very big and isnt likely to see world wide production, the column type would be an Integer. You set this column as Auto Increment anf Primary Key.

Why is it bas to use user names as the key? Because users are usully able to change their userId.
Nisha1705 4-Mar-12 9:27am    
I got ur point.. Thanku so much i'll implement what u said.
Please see:
http://en.wikipedia.org/wiki/SQL_injection[^].

(In addition to the important point made by Mark Nischalke.)

—SA
 
Share this answer
 
Posted
Comments
Nisha1705 4-Mar-12 9:31am    
Thanks for ur link. Now i've got an idea of how to go ahead.
Sergey Alexandrovich Kryukov 4-Mar-12 12:00pm    
You are welcome.
If so, will you accept this answer formally, too? You can accept more than one.
--SA
1) Firstly u check whether there is record or not with the username which is being inserting. If not exist in table, then insert the record. Otherwise you display the proper error message.
 
Share this answer
 
Posted
Comments
Nisha1705 3-Mar-12 12:24pm    
There is a record of the account created in the table. What i want is when a user tries to create an account with the same name an error msg shud display. When i execute the code mentioned above it says violation of primary key. I don wan t't to happen. Instead i wan an error msg to be displayed.
Since am a beginner i don understand much abt .net... So plz help me to solve dis..
[no name] 3-Mar-12 12:51pm    
A generic reply that give no useful information to the OP
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
datareader related issue
Issue related to line drawing using polygon.
Fax Send Related Issue
ASP.NET- USER Login related Problem!
Update database related issue
I have this code for a spelling and grammar checker with issues
paypal related issue
Question related to user interface
database related issue
Control related issue

Advertise
Privacy
Cookies
Terms of Use
Last Updated 3 Mar 2012
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-07-22:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900