0

1.here is some problem and I can't able to find why it is throwing exceptions of I have already connected my SQL SERVER MANAGEMENT STUDIO 2. I was making a user signup Webform page and this happened when I tried to run the code and fill all the details Exception thrown: 'System.Data.SqlClient.SqlException' in System.Data.dll but couldn't found the cause of it please help.

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Relocations
{
   public partial class SignUp : System.Web.UI.Page
   {
        String strcon = ConfigurationManager.ConnectionStrings["con"].ConnectionString;
        protected void Page_Load(object sender, EventArgs e)
        {
            
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            if (checkMemberExists())
            {
                Response.Write("<script>alert('Member Id already Exist');</script>");
            }
            else
            {
                signUpNewMember();
            }
        }
            bool checkMemberExists()
            {
                try
                    {
                        SqlConnection con = new SqlConnection(strcon);
                        if (con.State == ConnectionState.Closed)
                        {
                            con.Open();
                        }
                        SqlCommand cmd = new SqlCommand("SELECT * from member_master_tb1 where member_id='" + TextBox8.Text.Trim() + "';", con);
                        SqlDataAdapter da = new SqlDataAdapter(cmd);
                        DataTable dt = new DataTable();
                        da.Fill(dt);
                        if (dt.Rows.Count >= 1) 
                        {
                            return true;
                        }
                        else 
                        {
                            return false;
                        }
              
                    }
                catch (Exception ex)
                {
                    Response.Write("<script>alert('" + ex.Message + "');</script>");
                    return false;
                }
            
            }  

            void signUpNewMember()
            {
                try
                {
                    SqlConnection con = new SqlConnection(strcon);
                    if (con.State == ConnectionState.Closed)
                    {
                        con.Open();
                    }
                    SqlCommand cmd = new SqlCommand("INSERT INTO member_master_tb1(full name,dob,contact,email,state,city,pincode,address,member_id,password,account_status) value(@full name,@dob,@contact,@email,@state,@city,@pincode,@address,@member_id,@password,@account_status)", con);
                    cmd.Parameters.AddWithValue("@full name", TextBox3.Text.Trim());
                    cmd.Parameters.AddWithValue("@dob", TextBox4.Text.Trim());
                    cmd.Parameters.AddWithValue("@contact", TextBox1.Text.Trim());
                    cmd.Parameters.AddWithValue("@email", TextBox2.Text.Trim());
                    cmd.Parameters.AddWithValue("@state", DropDownList1.SelectedItem.Value);
                    cmd.Parameters.AddWithValue("@city", TextBox5.Text.Trim());
                    cmd.Parameters.AddWithValue("@pincode", TextBox6.Text.Trim());
                    cmd.Parameters.AddWithValue("@address", TextBox7.Text.Trim());
                    cmd.Parameters.AddWithValue("@member_id", TextBox8.Text.Trim());
                    cmd.Parameters.AddWithValue("@password", TextBox9.Text.Trim());
                    cmd.Parameters.AddWithValue("@account_status", "pending");

                    cmd.ExecuteNonQuery();
                    con.Close();
                    Response.Write("<script>alert('Sign Up Successfully. Ypu can Login Now');</script>");
                }
                catch (Exception ex)
                {

Response.Write("<script>alert('" + ex.Message + "')</script>");
---------------------------------------------------------------

                }
            }
        
    }
}
Naman Bansal
  • 1
  • 2
  • 1
    What is the full text of the exception? – mjwills Jul 26 '21 at 11:55
  • Visual Studio is the IDE you use to write the code. It doesn't *execute* the code. You don't have a Web API project either, that's a WebForms page. What is the *actual* error? Where does it occur? .NET Exceptions show a *lot* of detail. They'll tell you *what* is wrong with your SQL code – Panagiotis Kanavos Jul 26 '21 at 11:55
  • BTW that code is wide open to SQL injection and conversion attacks. I could type `' or 1==1` in the member text box. Or `'; drop table member_master_tb1;--`. Even the ancient WebForms framework had a *far* better Membership provider than this. Don't roll your own. Don't reinvent the wheel. Just use the built-in provider until you understand what it does and how to extend it – Panagiotis Kanavos Jul 26 '21 at 11:58
  • @mjwills Exception thrown: 'System.Data.SqlClient.SqlException' in System.Data.dll – Naman Bansal Jul 26 '21 at 12:09
  • Call `ToString` on the exception. – mjwills Jul 26 '21 at 13:08

0 Answers0