0

I'm new to ASP.NET and I'm writing a login page to learn it. Here is the error with the script. When I enter a password that contains only English letters, there are no errors, but when I enter a password that contains digits or only digits, for example abc123 or 123, line 28 produces an error. Does anyone know what the problem is?

Thanks

Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error: 


Line 26:             string cmdStr2 = "Select Password from [user] where UserName = '" + TextBox2.Text + "'";
Line 27:             SqlCommand pass = new SqlCommand(cmdStr2, con);
Line 28:             string password = pass.ExecuteScalar().ToString();
Line 29:             
Line 30:             Label1.Text = password;

Source File: c:\inetpub\web1\Login.aspx.cs    Line: 28 

Stack Trace: 


[NullReferenceException: Object reference not set to an instance of an object.]
   Login.Button1_Click(Object sender, EventArgs e) in c:\inetpub\web1\Login.aspx.cs:28
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +118
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +112
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563
hkguile
  • What does pass.ExecuteScalar() produce? If it's null, you'll get a null reference exception when you try to ToString() the object. – Alex Oct 12 '12 at 05:06
  • Debug your code and check which object is null. – Talha Oct 12 '12 at 05:10

2 Answers

1

Return Value of ExecuteScalar can be null

Type: System.Object

The first column of the first row in the result set, or a null reference (Nothing in Visual Basic) if the result set is empty. Returns a maximum of 2033 characters.

So you'll need to check for null before doing anything with .ExecuteScalar():

    object retVal = pass.ExecuteScalar();
    string data = "";
    if (retVal != null)
        data = retVal.ToString();

Things to note

  • To log the user in, check for password and username at the same time, e.g. WHERE username=@username AND password=@password. If a record is returned, then the user's credentials are valid; otherwise they don't match.
  • Use parameterized variables because of SQL injection: What is SQL injection?

    string cmdStr2 = "Select 1 from [user] where UserName = @Username and Password=@Password";
    SqlCommand command = new SqlCommand(cmdStr2, con);
    command.Parameters.AddWithValue("@Username", Username);
    command.Parameters.AddWithValue("@Password", Password);
    
codingbiz
0

First you need to supply the value using Parameters. Don't just embed the value in the string. Don't use ExecuteScalar(). Use a SqlDataAdapter to get the returned user info and check the password from the DataTable. If ExecuteScalar() doesn't return a value, the .ToString() is not going to work and will throw a null exception, which is what you are getting. You need to do something like "select * from user where username = @username" instead of searching by password, and then match the password of that username with the user-supplied password.

iefpw
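Added example, not code from the question or from either answer: a C# helper that combines the advice above, looking the user up with a parameterized query and treating an empty ExecuteScalar() result as a failed login instead of calling ToString() on it. It assumes System.Data.SqlClient and the [user] table from the question; the class name LoginCheck and the connection string argument are hypothetical, and like the page's code it compares the stored Password value as-is.

```csharp
using System;
using System.Data.SqlClient;

public static class LoginCheck   // hypothetical name, not from the page
{
    // True only when a row exists for userName and its stored Password
    // value equals the supplied password.
    public static bool CredentialsMatch(string connectionString, string userName, string password)
    {
        // [user], UserName and Password are the names used in the question.
        const string sql = "SELECT Password FROM [user] WHERE UserName = @UserName";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Sent as a parameter, so quotes or digits in the value are data
            // and cannot change the structure of the statement.
            cmd.Parameters.AddWithValue("@UserName", userName ?? string.Empty);
            con.Open();

            object result = cmd.ExecuteScalar();

            // null: no row matched. DBNull: row found, but the column is NULL.
            // Calling ToString() on the null case is the exception in the question.
            if (result == null || result is DBNull)
                return false;

            return string.Equals(result.ToString(), password, StringComparison.Ordinal);
        }
    }

    public static void Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: LoginCheck <connection-string>");
            return;
        }
        Console.Write("User name: ");
        string userName = Console.ReadLine();
        Console.Write("Password: ");
        string password = Console.ReadLine();

        bool ok = CredentialsMatch(args[0], userName, password);
        Console.WriteLine(ok ? "Credentials match." : "Invalid user name or password.");
    }
}
```

In the page's Button1_Click handler, the same method can be called with the text box values, showing one generic failure message whether the user name or the password was wrong.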