prevent unauthorized access

[killerg]

also in the login how do we prevent the users
which their pass and email doesnt match to
login. i used the following sql and also iam trying some if statements but all the users can access even if their pass and email dont match.

Dim dbconn, sql, dbcomm, dbread
dbconn = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; data source=" & Server.MapPath("App_Data\Login.mdb"))
dbconn.Open()
sql = "SELECT Name FROM User_details WHERE Email = '" & mail.Text & "' AND 'Password'= '" & pass.Text & "' "
dbcomm = New OleDbCommand(sql, dbconn)
dbread = dbcomm.ExecuteReader()

 

[killerg]

i found the way

Dim dbconn, sql, dbcomm, dbread
dbconn = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; data source=" & Server.MapPath("App_Data\Bookshop.mdb"))
dbconn.Open()
sql = "SELECT * FROM User_details WHERE Email = '" & mail.Text & "' AND [Password]= '" & pass.Text & "' "
dbcomm = New OleDbCommand(sql, dbconn)
dbread = dbcomm.ExecuteReader()
Dim sName As String
While dbread.Read()

sName = dbread("Name")

Response.Redirect("Main.aspx?Value=" & sName)

End While



End Sub



this on the button load of the login page


and this is on the load of the main page

Dim sName As String


sName = Request.QueryString("Value")
Response.Write("Your name is " & sName)