c# - How to solve ASP.NET custom login page error? -
in login.aspx.cs file
the codes following
using system; using system.collections.generic; using system.linq; using system.web; using system.web.ui; using system.web.ui.webcontrols; using system.data.sqlclient; using system.configuration; using system.data; using system.web.configuration; namespace leave_management { public partial class login : system.web.ui.page { //private string strcon = webconfigurationmanager.connectionstrings["connectionstring"].connectionstring; sqlconnection conn = new sqlconnection(@"data source=taufiq-pc\sqlexpress;initial catalog=lm;integrated security=true"); protected void page_load(object sender, eventargs e) { } protected void button1_click(object sender, eventargs e) { conn.open(); string checkuser = "select username [user] username='" + textboxun + "'"; sqlcommand com = new sqlcommand(checkuser, conn); int temp = convert.toint32(com.executescalar().tostring()); if (temp == 1) { string checkpass = "select password [user] username='" + textboxun + "'"; sqlcommand passcom = new sqlcommand(checkpass, conn); string password = passcom.executescalar().tostring().replace(" ", ""); conn.close(); if (password == textboxpass.text) { response.redirect("registration.aspx"); } } } } } an error showing
"nullreferenceexception unhandled user code"
int temp = convert.toint32(com.executescalar().tostring());
please me solve this.
you can simplify code checking both username , password sql statement:
protected void button1_click(object sender, eventargs e) { conn.open(); string sql = "select userid [user] username=@username , password=@password"; sqlcommand com = new sqlcommand(sql, conn); com.parameters.addwithvalue("@username", textboxun.text); com.parameters.addwithvalue("@password", textboxpass.text); sqldatareader data = com.executereader(); if (data.hasrows) // username , password match { conn.close(); response.redirect("registration.aspx"); } else { conn.close(); // display error here } } i assume userid primary key of users table. can use other column names if want.
i used parameters avoid sql injection. cheers!
Comments
Post a Comment