using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.Security; using System.Data.SqlClient; namespace Ordering_System.member { public partial class MemEditDetails : System.Web.UI.Page { UserDBDataContext db = new UserDBDataContext(); string cs = Global.CS; protected void Page_Load(object sender, EventArgs e) { if (!Page.IsPostBack) { bool found = false; string id = User.Identity.Name; string sql = "SELECT Username FROM Member WHERE Username = @Id"; SqlConnection con = new SqlConnection(cs); SqlCommand cmd = new SqlCommand(sql, con); cmd.Parameters.AddWithValue("@Id", id); con.Open(); SqlDataReader dr = cmd.ExecuteReader(); if (dr.Read()) { found = true; lblMem.Text = (string)dr["Username"]; txtFname.Text = (string)dr["MemFname"]; <----Happened here System.IndexOutOfRangeException txtLname.Text = (string)dr["MemLname"]; txtMYKAD.Text = (string)dr["MemIC"]; txtDate.Text = (string)dr["MemDOB"]; rblGender.Text = (string)dr["Gender"]; txtAddress.Text = (string)dr["MemAddress"]; txtPostCode.Text = (string)dr["Postcode"]; ddlstate.Text = (string)dr["State"]; txtContact.Text = (string)dr["MemContact"]; txtEmail.Text = (string)dr["MemEmail"]; } dr.Close(); con.Close(); if (!found) { Response.Redirect("Home.aspx"); } } } protected void btn_Edit_Click(object sender, EventArgs e) { if (Page.IsValid) { string id = lblMem.Text; string Fname = txtFname.Text; string Lname = txtLname.Text; string ic = txtMYKAD.Text; string dob = txtDate.Text; string gender = rblGender.Text; string address = txtAddress.Text; string postcode = txtPostCode.Text; string state = ddlstate.Text; string contact = txtContact.Text; string email = txtEmail.Text; string oldPW = oldPass.Text; string newPW = newPass.Text; string confirmPW = confirmPass.Text; User u = db.Users.SingleOrDefault( x => x.Username == id && x.Hash == Security.GetHash(oldPW) ); if (u != null) { if (newPass.Text == confirmPass.Text) { string sql = @"UPDATE Member SET Hash = @Password MemFname = @Fname,MemLanme = @Lname MemIC = @Ic, MemDOB = @DOB, Gender = @Gender , MemAddress = @Address, Postcode = @Postcode, State = @State, MemContact = @Contact, MemEmail = @Email WHERE Username = @Id"; SqlConnection con = new SqlConnection(cs); SqlCommand cmd = new SqlCommand(sql, con); cmd.Parameters.AddWithValue("@Password", Security.GetHash(newPW)); cmd.Parameters.AddWithValue("@Id", id); cmd.Parameters.AddWithValue("@Fname", Fname); cmd.Parameters.AddWithValue("@Lname", Lname); cmd.Parameters.AddWithValue("@Ic", ic); cmd.Parameters.AddWithValue("@DOB", dob); cmd.Parameters.AddWithValue("@Gender", gender); cmd.Parameters.AddWithValue("@Address", address); cmd.Parameters.AddWithValue("@Postcode", postcode); cmd.Parameters.AddWithValue("@State", state); cmd.Parameters.AddWithValue("@Contact", contact); cmd.Parameters.AddWithValue("@Email", email); con.Open(); cmd.ExecuteNonQuery(); con.Close(); Response.Redirect("Home.aspx"); } else { CustomValidator2.IsValid = false; } } else { CustomValidator1.IsValid = false; } } } } }
UserName
string sql = "SELECT Username FROM Member WHERE Username = @Id";
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)