protected void Button1_Click(object sender, EventArgs e) { int a = 0; cmd = new SqlCommand(); com.CommandText = "SELECT * from adminlogin where Password=@Password "; com.Parameters.AddWithValue("@Password", Session["pass"] + ""); DataRow dr = db.gettable(com).Rows[0]; if (dr["Password"] + "" == TextBox1.Text) { com.CommandText = "update adminlogin set Password=@Password where Password=@Password"; com.Parameters.AddWithValue("@Password", TextBox2.Text); } a = db.update(cmd); if (a == 1) { Response.Redirect("./change_passwrd1.aspx"); } }