0

I'm attempting to create a login screen in which a user inputs their email and password and an SQL statement finds the ID associated with their account. I'm using ExecuteScalar to assign the output from the statement to a variable called loggedID, but it's throwing an InvalidOperationException.

            Points.userLogin.Parameters.Add("@email", SqlDbType.NVarChar).Value = txtEmail.Text;
            Points.userLogin.Parameters.Add("@pass", SqlDbType.NVarChar).Value = txtPass.Text;

            Points.userLogin.CommandText=
                "SELECT CustomerID FROM tblCustomers WHERE CustomerEmail = @email AND CustomerPassword = @pass";


            Points.pointsCon.Open();
            Console.WriteLine("Opening Connection");
            try
            {            
                int loggedID = (int)Points.userLogin.ExecuteScalar(); // Line in question
                Console.WriteLine("Assigning ID to variable");

                // -------------------TEMP---------------------
                MessageBox.Show("insert login page");
                // -------------------TEMP---------------------
            }
            catch
            {
                MessageBox.Show("You have entered your email or password incorrectly. Please try again.",
                    "Incorrect Credentials",
                    MessageBoxButtons.OK,
                    MessageBoxIcon.Error);
            }

            Points.pointsCon.Close();
            Console.WriteLine("Closing Connection");

Edit: the exact message recieved is Exception thrown: 'System.InvalidOperationException' in System.Data.dll

Edit: this is my points.cs file

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Data.SqlClient;

namespace PenPoints
{
    class Points
    { 
        // Connects the class to the database via the connection string
        public static SqlConnection pointsCon = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename='C:\\Users\\matth\\Documents\\Lessons\\Project\\The Actual Program\\PenPoints\\PointsDB.mdf';Integrated Security=True;Connect Timeout=30");
        // Command to create account
        public static SqlCommand createAccount = new SqlCommand();
        // Command to log in
        public static SqlCommand userLogin = new SqlCommand();
    }
}
Aurora
  • 11
  • 2
  • Can you share the message of the exception too? Is `pointsCon` connection assigned to `userLogin` command? – Chetan Feb 27 '20 at 05:57
  • Edited my post to share. `pointsCon` and `userLogin` are both part of the same class, I'll share that class too. – Aurora Feb 27 '20 at 06:02
  • This is not an answer to your question, but you're working incorrectly with ADO.Net classes. The SqlConnection, SqlCommand, and most other useful classes on ADO.Net are disposable classes. You should not use them as fields to a class, let alone as static fields. For more information, read [my answer here](https://stackoverflow.com/a/48210460/3094533) – Zohar Peled Feb 27 '20 at 07:11
  • what is the **message** of the exception? it usually tells you *what* is invalid; btw, I have to agree with @Zohar - keeping the command around like this is *usually* a bad idea, and is certainly not necessary for a login page. Also: you should not store passwords, basically ever (unless you're writing a password manager, in which case they should be strongly encrypted); you *probably* want to look into salted hashes here. You might say "ah, but it isn't a highly secure system, it doesn't matter": people tend to reuse passwords, so: it matters; you are exposing your users to risk. – Marc Gravell Feb 27 '20 at 07:21
  • @MarcGravell, this is only a prototype for something, not anything that is going to be released for public use. I'm doing an educational course, we've yet to cover hashing and other methods of passwords. As for the message, that is the only thing I got. It simply tells me there's an exception. – Aurora Feb 27 '20 at 08:43
  • @Aurora k, please do the following so we stand a chance: change your `catch` to `catch (Exception ex)`, and output somewhere `ex.Message` and `ex.StackTrace`, and *tell us what they say*; they are your tools for understanding what happened – Marc Gravell Feb 27 '20 at 10:34

0 Answers0