Object reference not set to an instance of object

Question

kylelendo -4 Junior Poster in Training

13 Years Ago

I am trying to login into the system
I have created 3 pages

1.Registration Page
2.Login Page
3.Secure Page

In registration page I can enter new username and password and that gets registered
well that works fine..but when i try to login with that username and password
I get an error

"Object reference not set to an instance of object"
Here is my code for Login page

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionstring"].ConnectionString);
        con.Open();
        string cmdStr = "select count(*) from Registration where UserName='" + TextBox1.Text + " ' ";
        SqlCommand Checkuser = new SqlCommand(cmdStr, con);
        int temp = Convert.ToInt32(Checkuser.ExecuteScalar().ToString());
        if (temp == 1)
        {
            string cmdStr2 = "Select password from Registration where UserName=' " + TextBox1.Text + " ' ";
            SqlCommand pass = new SqlCommand(cmdStr2, con);
            string Password = pass.ExecuteScalar().ToString();
            con.Close();
            if (Password == TextBox2.Text)
            {
                Session["New"] = TextBox1.Text;
                Response.Redirect("Secure.aspx");

            }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Invalid Password";

            }
        }
            else
            {
                 Label1.Visible = true;
                Label1.Text = "Invalid UserName";

            }
        
           
       
        }
    }

I am getting error at the line

string Password = pass.ExecuteScalar().ToString();

Please help

4 Contributors
9 Replies
328 Views
22 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by kylelendo

thines01 401 Postaholic

13 Years Ago

For the password, you should use ExecuteDataReader()

thines01 401 Postaholic

13 Years Ago

Sorry for the typo.
What are you using to pull the value out of the DataReader?

Momerath 1,327 Nearly a Senior Poster

13 Years Ago

It's a poor design to pull the password from the database into your application. Send the userid/password to the database and have it return if it is a valid combination. No data readers, just the ExecuteScaler is needed, you are almost there with it.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

kylelendo -4 Junior Poster in Training · Answer 1 · 2011-09-28T17:29:41+00:00

For the password, you should use ExecuteDataReader()

Well I am using VS2010 there is no option of ExecuteDataReader()..However there is an option of ExecuteReader().I tried that and it worked but the problem is when i enter right combination of Username and password...it says Invalid password....!!!

thines01 401 Postaholic Team Colleague Featured Poster · Answer 2 · 2011-09-28T19:40:39+00:00

I recommended the data reader because I suspect this will eventually not be the only thing pulled from the database.

Mitja Bonca 557 Nearly a Posting Maven · Answer 3 · 2011-09-28T21:52:34+00:00

For the password, you should use ExecuteDataReader()

ExecuteSclalar is appropriate here too, because it returns a single value.
But its not appropriate to return the password, because you dont actually use it any where, password should only (meant) be to check if the user is the right one, or not.
But I dont exactly know why you use the password, so do as you like.

kylelendo -4 Junior Poster in Training · Answer 4 · 2011-09-28T23:46:39+00:00

So finally Wat changes should I make in my code???

thines01 401 Postaholic Team Colleague Featured Poster · Answer 5 · 2011-09-29T08:20:57+00:00

You have the Scalar technique.
The SQL command has a problem with the extra spaces on the left and right of the user name. ( where UserName=' " )

The DataReader technique looks like:

using (SqlDataReader rdr = (new SqlCommand(strSQL, conn)).ExecuteReader())
               {
                  if (rdr.Read()) // or "while" ... depending
                  {
                     strPassword = rdr["PASSWORD"].ToString().Trim();
                  }

                  rdr.Close();
               }
               conn.Close();

As the others said, if you are REALLY after only one value, use ExecuteScalar()

Once you make it work, also follow the advice of the others to avoid retrieving the password from the database if at all possible (unless it's encrypted and used in a different system).

kylelendo -4 Junior Poster in Training · Answer 6 · 2011-09-29T09:12:31+00:00

You have the Scalar technique.
The SQL command has a problem with the extra spaces on the left and right of the user name. ( where UserName=' " )
The DataReader technique looks like:
using (SqlDataReader rdr = (new SqlCommand(strSQL, conn)).ExecuteReader())
               {
                  if (rdr.Read()) // or "while" ... depending
                  {
                     strPassword = rdr["PASSWORD"].ToString().Trim();
                  }

                  rdr.Close();
               }
               conn.Close();
As the others said, if you are REALLY after only one value, use ExecuteScalar()
Once you make it work, also follow the advice of the others to avoid retrieving the password from the database if at all possible (unless it's encrypted and used in a different system).

Thank you it worked...I just removed the extra spaces....