Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: string
I having problem with my code.
 
i'm developing a login page with fingerprint scanner. Inserting the template of fingerprint scanner to sql database works fine (nvchar(MAX)),
 
but when selecting the template from sql im getting error like this: Unable to cast object of type 'System.String' to type 'System.Byte[]'.
 
here's my code:
  Dim cn As New SqlConnection(ConnectString())
            cn.Open()
            dim bytes as Byte()
            sqlCommand.CommandText = "Select template from usertbl where username='" + registration.txtusername.Text + "'"
            sqlCommand.CommandType = CommandType.Text
            sqlCommand.Connection = cn
 
            Dim lrd As SqlDataReader = sqlCommand.ExecuteReader()
            Dim usr
            While lrd.Read()
                usr = lrd("template")
 
            End While
 

            bytes = Nothing
            bytes = usr
 
                template = New DPFP.Template()
                template.DeSerialize(usr)
                'Perform  match
                matcher.Verify(FeatureSet, template, matchResult)
                If matchResult.Verified Then
                    EventHandlerStatus = Gui.EventHandlerStatus.Success
                MsgBox("Verified!")
                Me.Hide()
                registration.Show()
                Else
 
                EventHandlerStatus = Gui.EventHandlerStatus.Failure
                MsgBox("Please Try Again!")
                End If
 
I'm using DigitalPersona 4500 BTW
Posted 29-Apr-13 0:50am
Edited 29-Apr-13 0:51am
v2
Comments
Keith Barrow at 29-Apr-13 6:01am
   
Can you let us know which line is throwing the error?
Also "Select template from usertbl where username='" + registration.txtusername.Text + "'" is bad. You might want to look up "SQL Injection attack." for the reasons why. Parameterise your query and all will be well.
Justin Jendrick Nocillado at 29-Apr-13 6:43am
   
in this Line:
<pre lang="vb">bytes = usr</pre>
 
This is the fullcode
 
<pre lang="vb">
 
Private WithEvents verifyControl As DPFP.Gui.Verification.VerificationControl
Private matcher As DPFP.Verification.Verification
Private matchResult As DPFP.Verification.Verification.Result
Private allReaderSerial As String = "00000000-0000-0000-0000-000000000000"
Public template As DPFP.Template
 
Private userTemplateColumn As String = "Template"
Private userIDColumn As String = "ID"
Dim bytes As Byte()
Private Sub CreateDPControl(ByRef control As DPFP.Gui.Verification.VerificationControl)
Try
control = New DPFP.Gui.Verification.VerificationControl()
control.AutoSizeMode = Windows.Forms.AutoSizeMode.GrowAndShrink
control.Name = "verifyControl"
control.Location = New System.Drawing.Point(0, 0)
control.ReaderSerialNumber = "00000000-0000-0000-0000-000000000000"
control.Visible = True
control.Enabled = True
control.BringToFront()
 

Me.Controls.Add(control)
 
Catch ex As Exception
MessageBox.Show("exception")
End Try
End Sub
 
Private Function ConnectString() As String
 
Dim connectionString As String
connectionString = "*****************************"
 
Return connectionString
 
End Function
 
Private Sub VerifyBiometric_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
matcher = New Verification.Verification()
matchResult = New Verification.Verification.Result
CreateDPControl(verifyControl)
End Sub
 

 
Private Sub verifyControl_OnComplete(ByVal Control As Object, ByVal FeatureSet As DPFP.FeatureSet, ByRef EventHandlerStatus As DPFP.Gui.EventHandlerStatus) Handles verifyControl.OnComplete
 
Dim dataSet As DataSet = New DataSet()
Dim adapter As SqlDataAdapter = New SqlDataAdapter()
Dim sqlCommand As SqlCommand = New SqlCommand()

Dim ctr = 0
Try
 
Dim max As Integer = 0
 

Dim cn As New SqlConnection(ConnectString())
cn.Open()
 
sqlCommand.CommandText = "Select template from usertbl where username='" + registration.txtusername.Text + "'"
sqlCommand.CommandType = CommandType.Text
sqlCommand.Connection = cn
 
Dim lrd As SqlDataReader = sqlCommand.ExecuteReader()
Dim usr
While lrd.Read()
usr = lrd("template")
End While
 

bytes = Nothing
bytes = usr
 
template = New DPFP.Template()
template.DeSerialize(usr)
'Perform match
matcher.Verify(FeatureSet, template, matchResult)
If matchResult.Verified Then
EventHandlerStatus = Gui.EventHandlerStatus.Success
MsgBox("Verified!")
Me.Hide()
registration.Show()
Else
 
EventHandlerStatus = Gui.EventHandlerStatus.Failure
MsgBox("Please Try Again!")
End If
 


Finally
 
End Try
 
End Sub</pre>
Keith Barrow at 29-Apr-13 7:46am
   
Should have been able to work that one out. Monday mornings bah!
Matej Hlatky's reply basically contains everything I was going to say....

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

I can see couple of problems in your code, where to start?
  1. Prevent query from SQL injections, like Keith Barrow pointed out.
    Use SqlCommand.Parameters Property[^] instead of string concatenation.
  2. You are loading value of template column, wich is of type NVarChar(n) (String) into usr variable and then assigning into bytes of type Byte().
  3. I am pretty sure, that when User enrolls, you have to store fingerprint template (DPFP.Template) into binary data type and not the String!
  4. You should also use SqlCommand.ExecuteScalar Method[^] for getting single column value.
  Permalink  
v4
Comments
Justin Jendrick Nocillado at 29-Apr-13 11:04am
   
I'll try that later.Thanks
 
----
 
Problem Solved! Thanks Matej and Keith.
 
BTW, is this correct? to avoid sql injections?
 
sqlCommand.CommandText = "Select " + userTemplateColumn + " from " + userTable + " where username='" + registration.txtusername.Text + "'"
Matej Hlatky at 30-Apr-13 2:47am
   
Hi, you are welcome.
Check my 1st point in updated answer.
Justin Jendrick Nocillado at 30-Apr-13 10:53am
   
Get it. Thanks for helping :)
Member 11046115 at 3-Sep-14 12:49pm
   
What was the solution Justin
Member 10892825 at 29-Jun-14 7:23am
   
having a problem of using fingerprint to search my sql server database. when you place your finger on the dpfp scanner, then relevant information is returned

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web02 | 2.8.141220.1 | Last Updated 30 Apr 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100