Sample code for login button
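/// <summary>
/// Click handler for the login button. Looks up the submitted user id and password in
/// <c>empbirth</c> with a parameterized query; on a match it fills the session and
/// redirects to Home.aspx, otherwise it shows the failure message in Label1.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnsub_Click(object sender, EventArgs e)
{
    // The values travel as parameters and are never spliced into the SQL text,
    // so whatever the user types cannot change the shape of the statement.
    // NOTE(review): "password=@pass" compares the submitted text with the stored column
    // directly, which implies the table holds passwords in a comparable (unhashed) form.
    // Confirm; prefer storing a salted hash (e.g. PBKDF2) and verifying it in code.
    const string query = "select name,responsibility,remark,UserType,Deptt,emailid from empbirth where UserID=@userid and password=@pass";

    // Presumably Db.GetConnection() hands back an already-open connection, since the
    // command is executed without an explicit Open() — verify against Db.
    var connection = Db.GetConnection();
    bool signedIn = false;

    try
    {
        using (SqlCommand cmd = new SqlCommand(query, connection))
        {
            cmd.Parameters.AddWithValue("userid", txtUId.Text);
            cmd.Parameters.AddWithValue("pass", txtpwd.Text);

            // The reader is disposed before the connection is closed.
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (dr.Read())
                {
                    Session["name"] = dr["name"].ToString();
                    Session["userid"] = txtUId.Text;
                    Session["resp"] = dr["responsibility"].ToString();
                    Session["remark"] = dr["remark"].ToString();
                    Session["tag"] = dr["UserType"].ToString();
                    Session["deptt"] = dr["Deptt"].ToString();
                    // NOTE(review): this keeps the plaintext password in session state for the
                    // whole session. Kept only because other pages may read it; remove it if
                    // none do, so a session-store leak does not expose credentials.
                    Session["password"] = txtpwd.Text;
                    Session["emailid"] = dr["emailid"].ToString();
                    signedIn = true;
                }
                else
                {
                    Label1.Text = "Wrong Id or Password / Not in DataBase";
                }
            }
        }
    }
    finally
    {
        // Runs on success, on a failed login and when the query throws, so the
        // connection is never left open. Exceptions still propagate to the caller.
        connection.Close();
    }

    // Redirect only after the database resources have been released.
    if (signedIn)
    {
        Response.Redirect("Home.aspx");
    }
}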
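Suggestion: do not build the query by concatenating input into the SQL text, like
sSQL = "select Tid from employee_login where UserID = '" + UserID + "' ";
Pass the values as parameters instead, as the sample above does, to prevent SQL injection.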