I created a login form in asp, and I seem to get this error:

> Parameter @id has no default value.
>
> Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
>
> Exception Details: System.Data.OleDb.OleDbException: Parameter @id has no default value.
>
> Source Error:
>
>     Line 18:         });
>     Line 19:
>     Line 20:         OleDbDataReader reader = loginCommand.ExecuteReader();
>     Line 21:         if (reader.Read())
>     Line 22:         {


    OleDbConnection connection = new OleDbConnection(
        "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" +
        Server.MapPath("\\App_Data\\talManager.mdb"));
    connection.Open();

    OleDbCommand loginCommand = new OleDbCommand();
    loginCommand.Connection = connection;
    loginCommand.CommandText = "SELECT [_fname], [_id], [_password] FROM " +
        "admins WHERE [_id] = @id AND [_password] = @password";
    loginCommand.Parameters.AddRange(new OleDbParameter[]
    {
        new OleDbParameter("@id", Request.Form["id"]),
        new OleDbParameter("@password", Request.Form["password"])
    });

    OleDbDataReader reader = loginCommand.ExecuteReader();
    if (reader.Read())
    {
        Session["fname"] = reader["_fname"];
        Session["id"] = reader["_id"];
        Session["isAdmin"] = true;
    }
    else
    {
        error.InnerText = "Invalid ID or password.";
    }

    reader.Close();
    connection.Close();

Any help would be appreciated. Thanks in advance!

sn4il
  • Sorry for the bad format, I got lost in the editor :D – sn4il Aug 01 '17 at 17:49
  • Well, [edit] and fix. Also, debug and look at the value of `Request.Form["id"]),` Is it empty? Why? –  Aug 01 '17 at 17:52
  • Are you sure that Request.Form["id"] is not null? – jcvegan Aug 01 '17 at 17:53
  • You should validate the incoming parameters **before** you execute your database statements. Maybe `Request.Form["id"]` is `null`, which would lead to an unexpected result similar to this one. And as a side note, storing passwords in plain text in your db is very bad practice. – Igor Aug 01 '17 at 17:54
  • @jcvegan it's pointing at an input with a name "id", so what do you mean by null? – sn4il Aug 01 '17 at 17:56
  • @Igor Can you please direct me to info about better ways to store a password? – sn4il Aug 01 '17 at 17:56
  • There is plenty of stuff out there but here is a solution I wrote a while back for SO documents: [Complete password hashing solution using pbkdf2](https://stackoverflow.com/documentation/c%23/2774/hash-functions/15470/complete-password-hashing-solution-using-pbkdf2#t=201708011758539262564) – Igor Aug 01 '17 at 18:00
  • See https://stackoverflow.com/questions/1054022/best-way-to-store-password-in-database for password storage – saarrrr Aug 01 '17 at 18:01
  • I have a lot to learn. Thanks @Igor! – sn4il Aug 01 '17 at 18:02
