The user uses email adddress and password to login. I put the email address in a session using:
//process login
string query = "Select Count(*) From Client Where Email = ? And [Password] = ?";
int result = 0;
using (OleDbCommand cmd = new OleDbCommand(query, conn))
{
cmd.Parameters.AddWithValue("", TxtEmailAddress.Text);
cmd.Parameters.AddWithValue("", txtPswd.Text);
Session["Email"] = TxtEmailAddress.Text;
result = (int)cmd.ExecuteScalar();
}
if (result > 0)
{
Response.Redirect("ClientSubmission.aspx");
}
else
{
BadCredentials.Visible = true;
}Then on the next page, the user submits some stuff and the submission along with the email address gets inputted into the DB using:
String Email = (string)(Session["Email"]);
insertQuery = "INSERT INTO ClientSubmission (FileName, Email) ";
insertQuery += "VALUES ('" + FileName.InnerHtml + "','" + Email + ")";
OleDbCommand command = new OleDbCommand(insertQuery, conn); // create a command object for this sql
command.ExecuteNonQuery(); // execute the sql statement
command = new OleDbCommand("SELECT @@IDENTITY", conn); // execute this sql statement to get the primary key of the added record
int SubmissionID = (int)command.ExecuteScalar(); // in this case it is the Submission IDHowever, I get the error:
Syntax error in string in query expression ''craig@gmail.com)'.