protected void loginButton_Click(object sender, EventArgs e) { SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString); conn.Open(); String checkUser = "******" + username.Text + "'"; SqlCommand com = new SqlCommand(checkUser, conn); int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); conn.Close(); if (temp == 1) { conn.Open(); string checkPassQuery = "select password from Users where username='******'"; SqlCommand comm = new SqlCommand(checkPassQuery, conn); string pass = comm.ExecuteScalar().ToString(); string loginPasswd = passsword.Text; if (pass == loginPasswd) { Session["loggedInUser"] = username.Text; UsersTableAdapter U = new UsersTableAdapter(); string role = U.getRoleByUsername(username.Text); string avatar = U.getImage(username.Text); Session["userRole"] = role; Session["avatar"] = avatar; Response.Write("Passwd is correct"); Response.Redirect("Default.aspx"); } else { gresit.Visible = true; } } else { gresit.Visible = true; } conn.Close(); }