Trying to store ID into a session after registering

StackOverflow https://stackoverflow.com/questions/21511617

Question

I have a register form which check for the NRIC first, if the NRIC matches with the record in my patient table, it will sucessfully update that username and password into that existing record and it will redirect to the second image below. I want to store the patientID into the session after registering. The problem is the patientID that is stored is always patientID 1. See the below 1st image, if I type in S9583728F as the IC, and watever username and click sign up, it will redirect to the second image, I have used a textbox to check the value of the session, and it came out patientID 1 which belongs to richard!! It should be patientID 5 because the nric that I entered which is John belongs to patientID 5.

Was it helpful?

Solution

You never execute the update query. And your select query is returning all patients so execute scaler will always give you this first one. You also might want to avoid so many cmd.execute..

OTHER TIPS

This is my code that works following user3142116 advice. Thanks

using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Data.SqlClient;
    using System.Configuration;
    using System.Data;
    using System.Web.Security;
    using System.Globalization;
    using System.Text;
    using System.Threading;

    public partial class register : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }
        protected void btnCreate_Click(object sender, EventArgs e)
        {
            if (Page.IsValid)
            {
                using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["sacpConnectionString"].ConnectionString))
                {
                    try
                    {
                        SqlCommand cmd = new SqlCommand();
                        Guid guid;
                        guid = Guid.NewGuid();
                        string sql = @"UPDATE patient 
                            SET 
                            pUserName = @pUserName,
                            pPassword = @pPassword
                            WHERE pIC = @pIC";

                        cmd.Parameters.AddWithValue("@pIC", txtIC.Value);
                        cmd.Parameters.AddWithValue("@pUsername", txtUsername.Value);
                        cmd.Parameters.AddWithValue("@pPassword", txtPassword.Value);

                        cmd.Connection = con;
                        cmd.CommandText = sql;

                        con.Open();

                        cmd.ExecuteNonQuery();
                        cmd.CommandText = "SELECT patientID, pUsername, pPassword FROM patient WHERE pIC = @pIC;";

                        int id = (cmd.ExecuteScalar() != null) ? Convert.ToInt32(cmd.ExecuteScalar()) : 0;
                        if (id > 0)
                        {

                            Session.Add("ID", id);

                            Session.Add("Username", txtUsername.Value);
                            Session.Add("Password", txtPassword.Value);
                            FormsAuthentication.SetAuthCookie(txtUsername.Value, true);
                            Response.Redirect("registered.aspx");
                        }

                    }

                    finally
                    {
                        con.Close();
                    }
                }
            }
        }
    }
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top