privatevoid btnLogin_ServerClick(object sender, System.EventArgs e) { SqlConnection con; string sql; SqlCommand cmd; string id; con =new SqlConnection("data source=(local)\\NetSdk;initial catalog=FriendsData;user id=sa"); sql ="SELECT UserID FROM [User] WHERE Login='{0}' and Password='{1}'"; // Format the string with the values provided sql = String.Format(sql, txtLogin.Value, txtPwd.Value); cmd =new SqlCommand(sql, con); con.Open(); try { // Retrieve the UserID id = (string) cmd.ExecuteScalar(); } finally { con.Close(); } if (id !=null) { // Set the user as authenticated and send him to the page originally requested. FormsAuthentication.RedirectFromLoginPage(id, chkPersist.Checked); } else { this.pnlError.Visible =true; this.lblError.Text ="Invalid user name or password!"; } }