Would you like a list?
Where should I start....
0) You do realize that you won't get an SQL connection working with the string "connection string"? You need to tell it which SQL server instance, and database to use.
1) Why are you retrieving the password and mobile number from the database, based on the mobile number and the password? All you would be doing would be pulling back the information you already have. Either retrieve a more useful column, or retrieve a count.
2) Why are you leaving yourself wide open to SQL Injection attacks which can accidentally or deliberately destroy your database? Use Parametrized queries instead.
3) Why are you storing passwords in plain text? All you are doing is leaving everybodies user information wide open to everyone who wants to look at it. Hash it instead and store the hash. There is info on this here:
Password Storage: How to do it.[
^]
4) Why aren't you actually using any of the results from your database query? All you test does is say "log in anyone who has the mobile number 'mobileno' and the password 'password'
5) You do realize that even if you fixed these things, all that would happen is the user would get annoyed? Because he would type in his details, you would check them, then throw them away when you re-direct to the signup.aspx page?
Does that sound harsh? Yes, it probably does.
Try to do one thing at a time. Establish your connection, and make sure it works. Then move on to retrieving infor from teh DB, and so forth.
Look at your course notes, and try to work out what you are supposed to do here...:laugh: