Home/ Questions/Q 8563661
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T17:00:40+00:00

I have used an sql statement where I want to display the details of

  • 0

I have used an sql statement where I want to display the details of the current user that is logged in. But when I run this command it 

ConnectionString = "<%$ ConnectionStrings:Details %>" 

SelectCommand = "SELECT *  FROM member WHERE username = 'User.Identity.Name'"

it does not show any details but when I run 

SelectCommand = "SELECT *  FROM member WHERE username = 'david'"

the username david exists in the database and displays the details of only david in the web form. I even did Response.Write on the User.Identity.Name and that statement displays the current user that is logged in the page.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The issue is you’re passing the actual User.Identity.Name as string instead of its value.

    SelectCommand = String.Format("SELECT *  FROM member WHERE username = '{0}'", User.Identity.Name)

    But the better (and safer) practice would be something like

    SelectCommand = "SELECT *  FROM member WHERE username = @UserName"
SelectCommand.Parameters.AddWithValue("@UserName", User.Identity.Name)

    This will prevent SQL injection.

    EDIT:
    Since you are defining this in your page, you can use the following template:

    <asp:SqlDataSource runat="server" ID="SqlDataSource1" ConnectionString="<%$ ConnectionStrings:Details %>" SelectCommand="SELECT * FROM members WHERE ([username] = @UserName)">
    <SelectParameters>
        <asp:Parameter Name="UserName" Type="String" DefaultValue="" />
    </SelectParameters>
</asp:SqlDataSource>

    Then set the default value to User.Identity.Name on the server side:

    SqlDataSource1.SelectParameters.Item(0).DefaultValue = User.Identity.Name

    The easier way to do this is by using the Configure Data Source wizard, which is available by clicking the right arrow beside the SqlDataSource object in design view.

    • 0