Member Avatar for kylelendo

I am trying to login into the system
I have created 3 pages

1.Registration Page
2.Login Page
3.Secure Page

In registration page I can enter new username and password and that gets registered
well that works fine..but when i try to login with that username and password
I get an error

"Object reference not set to an instance of object"
Here is my code for Login page

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionstring"].ConnectionString);
        con.Open();
        string cmdStr = "select count(*) from Registration where UserName='" + TextBox1.Text + " ' ";
        SqlCommand Checkuser = new SqlCommand(cmdStr, con);
        int temp = Convert.ToInt32(Checkuser.ExecuteScalar().ToString());
        if (temp == 1)
        {
            string cmdStr2 = "Select password from Registration where UserName=' " + TextBox1.Text + " ' ";
            SqlCommand pass = new SqlCommand(cmdStr2, con);
            string Password = pass.ExecuteScalar().ToString();
            con.Close();
            if (Password == TextBox2.Text)
            {
                Session["New"] = TextBox1.Text;
                Response.Redirect("Secure.aspx");

            }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Invalid Password";

            }
        }
            else
            {
                 Label1.Visible = true;
                Label1.Text = "Invalid UserName";

            }
        
           
       
        }
    }

I am getting error at the line

string Password = pass.ExecuteScalar().ToString(­);

Please help

  • 4 Contributors
  • 9 Replies
  • 324 Views
  • 22 Hours Discussion Span
  • Latest Post Latest Post by kylelendo

Recommended Answers

All 9 Replies

Member Avatar for thines01

For the password, you should use ExecuteDataReader()

Member Avatar for kylelendo

For the password, you should use ExecuteDataReader()

Well I am using VS2010 there is no option of ExecuteDataReader()..However there is an option of ExecuteReader().I tried that and it worked but the problem is when i enter right combination of Username and password...it says Invalid password....!!!

Member Avatar for thines01

Sorry for the typo.
What are you using to pull the value out of the DataReader?

Member Avatar for Momerath

It's a poor design to pull the password from the database into your application. Send the userid/password to the database and have it return if it is a valid combination. No data readers, just the ExecuteScaler is needed, you are almost there with it.

Member Avatar for thines01

I recommended the data reader because I suspect this will eventually not be the only thing pulled from the database.

Member Avatar for Mitja Bonca

For the password, you should use ExecuteDataReader()

ExecuteSclalar is appropriate here too, because it returns a single value.
But its not appropriate to return the password, because you dont actually use it any where, password should only (meant) be to check if the user is the right one, or not.
But I dont exactly know why you use the password, so do as you like.

Member Avatar for kylelendo

So finally Wat changes should I make in my code???

Member Avatar for thines01

You have the Scalar technique.
The SQL command has a problem with the extra spaces on the left and right of the user name. ( where UserName=' " )

The DataReader technique looks like:

using (SqlDataReader rdr = (new SqlCommand(strSQL, conn)).ExecuteReader())
               {
                  if (rdr.Read()) // or "while" ... depending
                  {
                     strPassword = rdr["PASSWORD"].ToString().Trim();
                  }

                  rdr.Close();
               }
               conn.Close();

As the others said, if you are REALLY after only one value, use ExecuteScalar()

Once you make it work, also follow the advice of the others to avoid retrieving the password from the database if at all possible (unless it's encrypted and used in a different system).

Member Avatar for kylelendo

You have the Scalar technique.
The SQL command has a problem with the extra spaces on the left and right of the user name. ( where UserName=' " )

The DataReader technique looks like:

using (SqlDataReader rdr = (new SqlCommand(strSQL, conn)).ExecuteReader())
               {
                  if (rdr.Read()) // or "while" ... depending
                  {
                     strPassword = rdr["PASSWORD"].ToString().Trim();
                  }

                  rdr.Close();
               }
               conn.Close();

As the others said, if you are REALLY after only one value, use ExecuteScalar()

Once you make it work, also follow the advice of the others to avoid retrieving the password from the database if at all possible (unless it's encrypted and used in a different system).

Thank you it worked...I just removed the extra spaces....

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.