-2

While executing the following code in ASP.NET with VB, I am getting the error "No data exists for the row/column." 

Dim hdnuserid = e.CommandArgument
    If e.CommandName = "additem" Then

        ' First, see if the product is already in the vendor_catalog table

        Dim dr, dr2, username
        dr = connection.returnsqlresult("SELECT * FROM vendor_users where vendor_id = '" & Request("vendor_id") & "' AND userid = '" & hdnuserid & "'")
        If dr.hasrows() Then
            dr.read()
            Response.Write("<script type=""text/javascript"">alert(""User already assigned to this vendor."");</script>")

        Else
            dr2 = connection.returnsqlresult("SELECT * FROM users WHERE userid = '" & hdnuserid & "'")
            Response.Write(hdnuserid)
            If dr2.hasrows() Then
                dr2.read()
                username = dr("username")
                connection.executesql("INSERT INTO vendor_users(userid, vendor_id, username) VALUES('" & hdnuserid & "','" & Request("vendor_id") & "','" & username & "')")
                'ScriptManager.RegisterStartupScript(Me, GetType(Page), "itemsadded", "window.opener.__doPostBack('__Page', 'populate_usergrid');window.close();", True)
            Else
                Response.Write("<script type=""text/javascript"">alert(""User does not exist."");</script>")

            End If
            dr2.close()
        End If
        dr.close()
    Else

    End If

I have checked that the columns exist in my tables, and also checked the select * from users statement in SQL directly with a hard coded value and I see the result I expect. I'm not sure why I am getting this error. The error is being thrown on the username = dr("username") line.

Any assistance in this would be very helpful.

JV

Jon Visconti
  • 17
  • 2
  • 2
    [Little Bobby Tables](http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work) has been invited to a party – Steve Apr 07 '15 at 16:17

2 Answers2

0

I think you have a bit of a typo. Change

username = dr("username")

to

username = dr2("username")
John Wu
  • 50,556
  • 8
  • 44
  • 80
  • Red in the face doesn't even begin to explain my embarrassment. It's been one of those days....working perfectly now. – Jon Visconti Apr 07 '15 at 16:45
0

Shouldnt the reader object be dr2 instead of dr? since dr doesnt have any rows, dr("username") wouldnt be accessible.

username = dr2("username")
Srikanth495
  • 94
  • 3