Input string was not in a correct format c# and asp.net

Question

I'm working on a simple asp.net log in page. a simple code when user log in it verifies with the sql and direct to the page for either staff or admin. but i have this error (int.Parse(myReader.ToString()) > 0) ... Input string was not in a correct format my code..

string Connection = "Data Source=(ip);Initial Catalog=..;Persist Security Info=True;User ID=(id);Password=(pass)";
SqlConnection myConn = new SqlConnection(Connection);

SqlCommand SelectCommand = new SqlCommand("select * from tar_login where Username ='" + txtUsername.Text + "' and Password='" + txtPassword.Text + "' and Position='" + ddlPosition.Text + "';", myConn);

myConn.Open();

var myReader = SelectCommand.ExecuteScalar();
myConn.Close();

if (myReader != null)
{
    if (int.Parse(myReader.ToString()) > 0)
    {
        if (ddlPosition.Text == "Admin")
        {
            Response.Redirect("manager.aspx");
        }
    }
}

if (myReader != null)
{
    if (int.Parse(myReader.ToString()) > 0)
    {
        if (ddlPosition.Text == "Staff")
        {
            Response.Redirect("staff.aspx");
        }
    }
}

else
{
    Label1.ForeColor = System.Drawing.Color.Red;
    Label1.Text = "Incorrect. Please try again";
    myConn.Close();
}

.help as im new to asp.net and c#

Answer 1

The ExecuteScalar returns an object (the row), or null.
Then you try to ToString it. Unless you return only one column, which is an int, this will not be something that int.Parse will be able to parse.

You can try int.TryParse, but it'll return false I believe. What do you have in myReader if you put a breakpoint in there? it might give you/us a better understanding about what you're dealing with.

---

Edit:

o_O ?!

You have two clauses saying : if (myReader != null). Merge them.

Whenever you work with DB's or any resource you need to handle, use using, like Saunders suggested.

Other than that, you answered your question. If you get a null back, it cannot be parsed into an int.

You'll have to figure out your DB issues or your query, and try again.

Answer 2

Your ExecuteScalar() is bringing a non-numeric character (e.g. 'A'), which cannot be converted to integer.

It seems in your code there is no need of checking > 0.

myReader != null is sufficient.

Whatever Samiey has suggested above looks perfect.

Answer 3

Try This Code

    string Connection = "Data Source=(ip);Initial Catalog=..;Persist Security Info=True;User ID=(id);Password=(pass)";
    SqlConnection myConn = new SqlConnection(Connection);

    SqlCommand SelectCommand = new SqlCommand("select * from tar_login where Username ='" + txtUsername.Text + "' and Password='" + txtPassword.Text + "' and Position='" + ddlPosition.Text + "';", myConn);

    myConn.Open();

    Sqldatareader myReader = SelectCommand.ExecuteReader();
    myConn.Close();

     if (reader.HasRows)
        {
if (ddlPosition.Text == "Admin")
        {
            Response.Redirect("manager.aspx");
        }
else if (ddlPosition.Text == "Staff")
        {
            Response.Redirect("staff.aspx");
        }
    else
    {
        Label1.ForeColor = System.Drawing.Color.Red;
        Label1.Text = "Incorrect. Please try again";
        myConn.Close();
    }