Click here to Skip to main content
15,118,865 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more: , +
can anybody solve a issue that occurs every time when i loading crystal report, it is asking for logon information

What I have tried:

<pre>  private void button1_Click(object sender, EventArgs e)
        {
            if (TxtCustomer.Text == "" && TxtSONofrom.Text == "" && TxtSONoto.Text == "" && DTSODateFrom.Text != "" && DTSODateTO.Text != "")
            {
                if (MessageBox.Show("Do You Want to Print This Report?", "YESNO", MessageBoxButtons.YesNo) == DialogResult.Yes)
                {
                    BrownERP.ReportViewer cr = new BrownERP.ReportViewer();
                    cr.BringToFront();
                    cr.Show();
                    BrownERP.QuatationReport QTNREP = new BrownERP.QuatationReport();
                    SqlConnection con = new SqlConnection(connectionpath);
                    con.Open();
                    SqlCommand cmd = new SqlCommand("select * from Tbl_QTN where SODate between CONVERT(DATETIME,'" + DTSODateFrom.Text + "',103) and CONVERT(DATETIME,'" + DTSODateTO.Text + "',103) ", con);
                    SqlDataAdapter sda = new SqlDataAdapter(cmd);
                    DataSet ds = new DataSet();
                    sda.Fill(ds, "Tbl_QTN");
                    QTNREP.SetDataSource(ds);
                
                    cr.CRV.ReportSource = QTNREP;
                    cr.CRV.Refresh();
                    con.Close();

                }
                else
                {
                    this.Close();
                }
            }
        }
Posted
Updated 6-Jan-21 20:52pm
Comments
Mycroft Holmes 28-Nov-18 3:45am
   
You used to be able to embed and /or pass credentials into the report or use a specific userid for all reports, we call them functional IDs.
Richard Deeming 28-Nov-18 10:35am
   
SqlCommand cmd = new SqlCommand("select * from Tbl_QTN where SODate between CONVERT(DATETIME,'" + DTSODateFrom.Text + "',103) and CONVERT(DATETIME,'" + DTSODateTO.Text + "',103) ", con);


Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
Sherif Clemnt 29-Nov-18 3:39am
   
i think u didn't understand my question my SQL quary is not a problem. every time i give print crystal report asking for logon information......
after logon report coming
Richard Deeming 29-Nov-18 7:01am
   
Your code contains a critical security vulnerability. One so simple that a three-year-old child can exploit it[^].

Whether or not that's related to the problem you're describing, it's something you URGENTLY need to fix.

1 solution

You need to pass logon info dynamically in your code to avoid this issue. Agree with others, take a look at SQL Injection.
C# Crystal Reports Dynamic Logon parameters[^]
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900