Hi friends this is a simple program for password change. I am having an exception in it can anyone pls help me in improving this code.

Question

0.00/5 (No votes)

See more:

SQL-Server-2005

, +

C#

protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
        cmd.Connection = con;
        con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["loginconnectionstring"].ConnectionString;
        con.Open();
        if (TextBox3.Text != TextBox2.Text)
        {
            Label5.Visible = true;
            Label5.Text = "Password Doesn't Match Please try Again";
        }
            cmd .CommandType=CommandType .StoredProcedure;
            cmd .CommandText="passchange";
            cmd .Parameters .AddWithValue("@uname", TextBox4.Text);
            cmd .Parameters .AddWithValue ("@pass", TextBox2 .Text);
            cmd .ExecuteNonQuery();
            Label7.Visible = true;
            Label7.Text = "Password Updated Successully";
        }
        catch(Exception ex)
        {
            Label6 .Visible =true;
            Label6 .Text = ex .ToString();
        }
        finally 
        {
            con .Close();
        }
    }

SQL

ALTER proc [dbo].[passchange] 
(
@uname varchar(50),@upass varchar(50)
)
as
update test3 set pass=@upass where username=@uname

Posted 22-Apr-13 20:53pm

rgboss

Add a Solution

Comments

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 23-Apr-13 2:56am

What is the exception ?

Prasad Khandekar 23-Apr-13 2:58am

You may want to change your code as

if (TextBox3.Text != TextBox2.Text)
{
Label5.Visible = true;
Label5.Text = "Password Doesn't Match Please try Again";
}
else
{
cmd .CommandType=CommandType.StoredProcedure;
cmd .CommandText="passchange";
cmd .Parameters.AddWithValue("@uname", TextBox4.Text);
cmd .Parameters.AddWithValue ("@pass", TextBox2 .Text);
cmd .ExecuteNonQuery();
Label7.Visible = true;
Label7.Text = "Password Updated Successully";
}

arthamsai 23-Apr-13 2:59am

You Entered Again cmd.CommandText="passchange";
This Is Wrong Because Your Are Using Stored Procedure .
SqlCommand cmd = new SqlCommand("DeleteBook", con);
Here DeleteBook is Stored Procedure Name.
Replace
cmd.CommandText="passchange"; to SqlCommand cmd = new SqlCommand("DeleteBook", con);

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Abhimanyu Rawat · Accepted Answer · 2013-04-22T21:01:00

Solution 1

hello,

Your parameter name in procedure and passing in coding are different.

you are passing @upass in procedure and @pass in coding.

Thanks,
Abhimanyu

Posted 22-Apr-13 21:01pm

Abhimanyu Rawat

Comments

rgboss 23-Apr-13 3:37am

thanks abhi

it was my mistake

OriginalGriff · Accepted Answer · 2013-04-22T21:01:00

Solution 2

Please, don't store passwords in clear text - it is a huge security risk. Have a look here: Password Storage: How to do it.[^]

Plus, it is a good practice to do all your validation at the start of a method, so you don't wate time or resources loading stuff you won't use - except in you case, if the new passwords don't match you report a problem and them overwrite the old password anyway, so the user doesn't have a clue what his password is...

Other than that, check your names: "@upass" is not the same as "@pass"...

Posted 22-Apr-13 21:01pm

OriginalGriff

Comments

rgboss 23-Apr-13 3:38am

thank you very much

OriginalGriff 23-Apr-13 3:47am

You're welcome!

rgboss 23-Apr-13 5:13am

There is one more problem in checking username and old password. canu help me???

OriginalGriff 23-Apr-13 5:14am

Depends! :laugh:
What's the problem?

Devangrana · Accepted Answer · 2013-04-22T21:10:00

Solution 3

you are using different name for parameter in SP and coding.

Posted 22-Apr-13 21:10pm

Devangrana

Comments

rgboss 23-Apr-13 3:37am

thanks and
sorry...
it was my typing mistake