facing problem while executing vb.net query

Dim con As SqlConnection
        con = New SqlConnection("server=chinna; uid=sa; pwd=136018@h; database=icms")
        con.Open()
        Dim cmd As SqlCommand
        cmd = New SqlCommand("select pass from personal where idno=" & TextBox1.Text, con)
        cmd.CommandType开发者_JS百科 = CommandType.Text
        Dim rdr As SqlDataReader
        rdr = cmd.ExecuteReader
        If rdr.Read() Then

            TextBox2.Text = rdr.ToString()
            Response.Redirect("default.aspx")
        Else
            MsgBox("incorrect password")

You need to use parameters in your query:

cmd = New SqlCommand("select pass from personal where idno=@param", con)
cmd.Parameters.AddWithValue("param", TextBox1.Text);

Use ExecuteScalar instead of ExecuteReader.

Dim password As String
password = cmd.ExecuteScalar.ToString()

FYI, storing passwords in plain text and comparing like this is VERY bad practice. You should be encrypting the passwords with some one-way salted encryption and then doing the same on verification then comparing the encrypted values.

You are missing the DataSource assignment.

Add GridView1.DataSource = rdr before you call DataBind.

Your If block should look like:

If rdr.Read() Then  
 GridView1.Visible = True             
 GridView1.DataSource = rdr
 GridView1.DataBind()           
End If 

Should be

cmd = New SqlCommand("select pass from personal where idno='" & TextBox1.Text & "'", con)

beyond that code seems for ASP.net. We can not execute MsgBox in VB.net that can appear on client browser.

use HasRows on rdr and set DataSourcefor GridView1

    Dim rdr As SqlDataReader
    rdr = cmd.ExecuteReader()
    If rdr.HasRows Then
        GridView1.Visible = True
        GridView1.DataSource = rdr
        GridView1.DataBind()
    End If

What is your error or are you just getting a null for rdr?

I don't see an outpout paramenter. You need one. You only have an input parameter.

1. You need to somehow mark that the user was logged in, using a Session variable or a login identity. Otherwise, anyone can go to the logged in version of the page by simply navigating directly to it.
2. MsgBox( is not valid in asp.net, because it would display a message on the server, not on the client. Try using a Label on the page to display error messages by setting its text.
3. What is the problem you are having? Does it just "not work"? Does it not validate your password correctly? Do you get an exception of some sort? Can you post the results?