Jan 13, 2014 03:43 PM|hans_v|LINK
am pretty sure my code is correct. I follow the code from asp.net workbook by Heng Ngee Mok.
If this comes from a book, I strongly advise you to buy another one....
By concatenating the SQL string, your code is vulnerable to SQL injections. Also, the user input could cause queries to break.
Also, to get one value of one record in a select statement, it is overkill to use a datareader. Simply use ExecuteScalar (see an example in the link above).
And the datareader is only closed when counter is 1. It should be closed before the If statement, not IN the If statement.
Finally, the code is intended to authenticate and authorize users. It reinvents a wheel that is created by Microsoft, and it is called Forms Authentication:
More advanced is to use a membership provider. By default, the built-in Membership provider uses a SQL Server (Express) Database, but you can use Access as well:
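
The points in the reply above about string concatenation, ExecuteScalar and closing the reader, as an added example that is not part of the original post or the book's code. It assumes SQL Server through System.Data.SqlClient and a hypothetical `Users` table with `UserName` and `Role` columns; the class and method names are also illustrative.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserLookup
{
    // Assumed schema (not from the thread):
    //   Users(UserName NVARCHAR(50), Role NVARCHAR(20))
    // Returns the user's role, or null when no matching row exists.
    public static string GetRole(string connectionString, string userName)
    {
        if (userName == null)
            throw new ArgumentNullException("userName");

        // The concatenated form the reply warns about would be:
        //   "SELECT Role FROM Users WHERE UserName = '" + userName + "'"
        // Here the input travels as a typed parameter and is never parsed as SQL,
        // so a quote character in the name can neither inject nor break the query.
        const string sql = "SELECT Role FROM Users WHERE UserName = @userName";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            command.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
            connection.Open();

            // ExecuteScalar returns the first column of the first row:
            // null when there is no row, DBNull.Value when the column is NULL.
            object result = command.ExecuteScalar();
            if (result == null || result == DBNull.Value)
                return null;

            return (string)result;
        } // both using blocks dispose on every path, including exceptions
    }
}
```

With Access through System.Data.OleDb the same pattern applies, but placeholders are positional `?` marks and parameters must be added in the order they appear in the query.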