Click here to Skip to main content
14,693,154 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more: , +
can anybody solve a issue that occurs every time when i loading crystal report, it is asking for logon information

What I have tried:

<pre>  private void button1_Click(object sender, EventArgs e)
        {
            if (TxtCustomer.Text == "" && TxtSONofrom.Text == "" && TxtSONoto.Text == "" && DTSODateFrom.Text != "" && DTSODateTO.Text != "")
            {
                if (MessageBox.Show("Do You Want to Print This Report?", "YESNO", MessageBoxButtons.YesNo) == DialogResult.Yes)
                {
                    BrownERP.ReportViewer cr = new BrownERP.ReportViewer();
                    cr.BringToFront();
                    cr.Show();
                    BrownERP.QuatationReport QTNREP = new BrownERP.QuatationReport();
                    SqlConnection con = new SqlConnection(connectionpath);
                    con.Open();
                    SqlCommand cmd = new SqlCommand("select * from Tbl_QTN where SODate between CONVERT(DATETIME,'" + DTSODateFrom.Text + "',103) and CONVERT(DATETIME,'" + DTSODateTO.Text + "',103) ", con);
                    SqlDataAdapter sda = new SqlDataAdapter(cmd);
                    DataSet ds = new DataSet();
                    sda.Fill(ds, "Tbl_QTN");
                    QTNREP.SetDataSource(ds);
                
                    cr.CRV.ReportSource = QTNREP;
                    cr.CRV.Refresh();
                    con.Close();

                }
                else
                {
                    this.Close();
                }
            }
        }
Posted
Comments
Mycroft Holmes 28-Nov-18 3:45am
   
You used to be able to embed and /or pass credentials into the report or use a specific userid for all reports, we call them functional IDs.
Richard Deeming 28-Nov-18 10:35am
   
SqlCommand cmd = new SqlCommand("select * from Tbl_QTN where SODate between CONVERT(DATETIME,'" + DTSODateFrom.Text + "',103) and CONVERT(DATETIME,'" + DTSODateTO.Text + "',103) ", con);


Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
Sherif Clemnt 29-Nov-18 3:39am
   
i think u didn't understand my question my SQL quary is not a problem. every time i give print crystal report asking for logon information......
after logon report coming
Richard Deeming 29-Nov-18 7:01am
   
Your code contains a critical security vulnerability. One so simple that a three-year-old child can exploit it[^].

Whether or not that's related to the problem you're describing, it's something you URGENTLY need to fix.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900