protected void btnsubmit_Click(object sender, EventArgs e)
{
string login_name = txtuser_name.Text;
string password = txtpwd.Text;
string constr = ConfigurationManager.ConnectionStrings["connstr"].ToString();
SqlConnection con = new SqlConnection(constr);
con.Open();
string sql = "SELECT user_name, pwd FROM admin WHERE (user_name='" + txtuser_name.Text + "') AND (pwd='" + txtpwd.Text + "') ";
SqlCommand cmd = new SqlCommand(sql, con);
string currentname = (string)cmd.ExecuteScalar();
if (currentname != null)
{
Session["admin"] = sql;
Response.Redirect("viewreport.aspx");
}
else
{
lblmsg.Visible = true;
lblmsg.Text = "Incorrect username or password";
}
}