I am trying to login into the system
I have created 3 pages

1.Registration Page
2.Login Page
3.Secure Page

In registration page I can enter new username and password and that gets registered
well that works fine..but when i try to login with that username and password
I get an error

"Object reference not set to an instance of object"
Here is my code for Login page

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionstring"].ConnectionString);
        con.Open();
        string cmdStr = "select count(*) from Registration where UserName='" + TextBox1.Text + " ' ";
        SqlCommand Checkuser = new SqlCommand(cmdStr, con);
        int temp = Convert.ToInt32(Checkuser.ExecuteScalar().ToString());
        if (temp == 1)
        {
            string cmdStr2 = "Select password from Registration where UserName=' " + TextBox1.Text + " ' ";
            SqlCommand pass = new SqlCommand(cmdStr2, con);
            string Password = pass.ExecuteScalar().ToString();
            con.Close();
            if (Password == TextBox2.Text)
            {
                Session["New"] = TextBox1.Text;
                Response.Redirect("Secure.aspx");

            }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Invalid Password";

            }
        }
            else
            {
                 Label1.Visible = true;
                Label1.Text = "Invalid UserName";

            }
        
           
       
        }
    }

I am getting error at the line

string Password = pass.ExecuteScalar().ToString(­);

Please help

For the password, you should use ExecuteDataReader()

Well I am using VS2010 there is no option of ExecuteDataReader()..However there is an option of ExecuteReader().I tried that and it worked but the problem is when i enter right combination of Username and password...it says Invalid password....!!!

It's a poor design to pull the password from the database into your application. Send the userid/password to the database and have it return if it is a valid combination. No data readers, just the ExecuteScaler is needed, you are almost there with it.

I recommended the data reader because I suspect this will eventually not be the only thing pulled from the database.

For the password, you should use ExecuteDataReader()

ExecuteSclalar is appropriate here too, because it returns a single value.
But its not appropriate to return the password, because you dont actually use it any where, password should only (meant) be to check if the user is the right one, or not.
But I dont exactly know why you use the password, so do as you like.

You have the Scalar technique.
The SQL command has a problem with the extra spaces on the left and right of the user name. ( where UserName=' " )

The DataReader technique looks like:

using (SqlDataReader rdr = (new SqlCommand(strSQL, conn)).ExecuteReader())
               {
                  if (rdr.Read()) // or "while" ... depending
                  {
                     strPassword = rdr["PASSWORD"].ToString().Trim();
                  }

                  rdr.Close();
               }
               conn.Close();

As the others said, if you are REALLY after only one value, use ExecuteScalar()

Once you make it work, also follow the advice of the others to avoid retrieving the password from the database if at all possible (unless it's encrypted and used in a different system).

You have the Scalar technique.
The SQL command has a problem with the extra spaces on the left and right of the user name. ( where UserName=' " )

The DataReader technique looks like:

using (SqlDataReader rdr = (new SqlCommand(strSQL, conn)).ExecuteReader())
               {
                  if (rdr.Read()) // or "while" ... depending
                  {
                     strPassword = rdr["PASSWORD"].ToString().Trim();
                  }

                  rdr.Close();
               }
               conn.Close();

As the others said, if you are REALLY after only one value, use ExecuteScalar()

Once you make it work, also follow the advice of the others to avoid retrieving the password from the database if at all possible (unless it's encrypted and used in a different system).

Thank you it worked...I just removed the extra spaces....

This question has already been answered. Start a new discussion instead.