Listing 1

Public Function Login(ByVal email As String, ByVal password As String) As String

' Create Instance of Connection and Command
' Object
Dim myConnection As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("ConnectionString"))

Dim myCommand As SqlCommand = New SqlCommand
("SELECT CustomerID FROM Customers
WHERE EmailAddress = '" & email & "' 
AND Password = '" & password & "'", myConnection)

myCommand.CommandType = CommandType.Text

' Open the connection and execute the Command
myConnection.Open()
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim customerId As Integer = 0

While myReader.Read()
customerId = CInt(myReader.GetValue(0))
End While

myConnection.Close()

Return customerId.ToString()
End Function



Listing 2

Public Function Login
(ByVal email As String, ByVal password As String) As String

' Create Instance of Connection and Command
' Object
Dim myConnection As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("ConnectionString"))
Dim myCommand As SqlCommand = New SqlCommand("CustomerLogin", myConnection)

' Mark the Command as a SPROC
myCommand.CommandType = CommandType.StoredProcedure

' Add Parameters to SPROC
Dim parameterEmail As SqlParameter = New SqlParameter
("@Email", SqlDbType.NVarChar, 50)
parameterEmail.Value = email
myCommand.Parameters.Add(parameterEmail)

Dim parameterPassword As SqlParameter =
New SqlParameter("@Password", SqlDbType.NVarChar, 50)
parameterPassword.Value = password
myCommand.Parameters.Add(parameterPassword)

Dim parameterCustomerID As SqlParameter =
New SqlParameter("@CustomerID", SqlDbType.Int, 4)
parameterCustomerID.Direction = ParameterDirection.Output
myCommand.Parameters.Add(parameterCustomerID)

' Open the connection and execute the Command
' myConnection.Open()
myCommand.ExecuteNonQuery()
myConnection.Close()

Dim customerId As Integer = CInt(parameterCustomerID.Value)

If customerId = 0 Then
Return Nothing
Else
Return customerId.ToString()
End If

End Function


Listing 3

' Display a message if no results are found
If MySearchList.Items.Count = 0 Then
ErrorMsg.Text = "Your search for " & Request.Params("txtSearch")
& " returned no results."
End If




Listing 4

' Display a message if no results are found
If MySearchList.Items.Count = 0 Then
ErrorMsg.Text = "Your search for " & Server.HTMLEncode
(Request.Params("txtSearch")) & " returned no results."
End If