Object reference not set in

Question

public static Boolean ValidateUser(string struser, string strpass)
{
    // Establish connection information
    SqlConnection conn_string = new   SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["Data Source=137.145.169.3;Initial Catalog=SICI4266;Persist Security Info=True;User ID=SICI4266G3;Password=*******"].ConnectionString);
    // Establish SQL command
    SqlCommand sql_comm = new SqlCommand("SELECT count(userID) FROM HIEPA.HIEPA_USERS where UserName = @usuario and UserPassword = @contrasena ; ", conn_string);
    // Provide Parameter values
    sql_comm.Parameters.AddWithValue("@usuario", struser);
    sql_comm.Parameters.AddWithValue("@contrasena", strpass);
    // Open the connection
    conn_string.Open();
    // Execute the SQL command and assign the resulting value to an integer variable
    Int32 intUserCount = Convert.ToInt32(sql_comm.ExecuteScalar());
    // Close the connection
    conn_string.Close();
    // Evaluate the integer variable content; greater than cero is a valid combination
    if (intUserCount == 1)
    {
        return true;
    }
    else
    {
        return false;
    }
}

can somebody tell me why this error is prompted?

Answer 1

This expression from the line highlighted in red in the exception results is null:

System.Configuration.ConfigurationManager.ConnectionStrings["Data Source=137.145.169.3;Initial Catalog=SICI4266;Persist Security Info=True;User ID=SICI4266G3;Password=*******"]

It's null because the Connection[] property expects the name of a string, and not the full string. It's trying lookup the string in a collection, doesn't find that big long blob of text, and so returns null.

Given the above, you then try to the reference the .Connection string property of a null reference. It's as if you had done this:

null.ConnectionString;

Either change that code to use the name of the connection string as listed in the web.config file, or since you have the whole string there already just give that string directly to the SqlConnection() constructor. Either way, that code should be cleaned up some:

//comments should focus on "why", rather than "what"
public static Boolean ValidateUser(string struser, string strpass)
{
    using (var conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["conn string name"].ConnectionString))
    using (var sql_comm = new SqlCommand(""SELECT count(userID) FROM HIEPA.HIEPA_USERS where UserName = @usuario and UserPassword = @contrasena ; ", conn))
    {
        //Don't use AddWithValue(). It forces ADO.Net to guess about parameter types.
        //Use exact column types and lengths instead
        sql_comm.Parameters.Add("@usuario", SqlDbType.NVarChar, 50).Value = struser;
        //Dear God, please tell me you're not using a plain-text password? That's a HUGE mistake!
        sql_comm.Parameters.Add("@contrasena", SqlDbType.NVarChar, 180).Value = strpass;

        conn.Open();
        return (1 == (int)sql_comm.ExecuteScalar());
    }
}

Answer 2

If you have this in your web.config, it means your connection string name is "Default"

<connectionStrings>
    <add name="Default" connectionString="Data Source=137.145.169.3;Initial Catalog=SICI4266;Persist Security Info=True;User ID=SICI4266G3;Password=*******" providerName="System.Data.SqlClient" />
<connectionStrings>

So, the correct way to add connection string in your code is-

SqlConnection conn_string = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["Default"].ConnectionString);