Click here to Skip to main content
13,864,419 members
Rate this:
 
Please Sign up or sign in to vote.
See more:
I am trying to code for login in asp.net web application form. using sql data base.
i am getting error this- "The ConnectionString property has not been initialized."
Here i get error dialogbox extension-
con = new SqlConnection(str);
           con.Open();
           str = "Select count(*) from admin where UserName='" + (TextBox1.Text) + "'
            and Password='" + (TextBox2.Text) + "' ";
           cmd = new SqlCommand(str, con);
           int temp = Convert.ToInt32(cmd.ExecuteScalar().ToString());
           SqlDataReader sdr = cmd.ExecuteReader();


the error pointer shows here-"con.open();"

And My web.config file is-<?xml version="1.0"?>

<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->

<configuration>
<connectionStrings>
<add name="NoveltySystemConnectionString" connectionString="Data Source=HOME-PC\SQLEXPRESS;Initial Catalog=NoveltySystem;Integrated Security=True;Pooling=False" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
</system.web>

</configuration>


Please anyone help me quick..Thankyou

What I have tried:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data.Sql;
using System.Configuration;
using System.Data;

namespace NovletyShop
{
    public partial class Login : System.Web.UI.Page
    {
        String str;
        SqlConnection con;
        SqlCommand cmd;
        
       
        protected void Page_Load(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection();
            var constring = ConfigurationManager.ConnectionStrings["NoveltySystemConnectionString"].ConnectionString;
           
            
        }

        protected void loginB_Click(object sender, EventArgs e)
        {

            con = new SqlConnection(str);
            con.Open();
            str = "Select count(*) from admin where UserName='" + (TextBox1.Text) + "' and Password='" + (TextBox2.Text) + "' ";
            cmd = new SqlCommand(str, con);
            int temp = Convert.ToInt32(cmd.ExecuteScalar().ToString());
            SqlDataReader sdr = cmd.ExecuteReader();
           
            con.Close();
            if (sdr.Read()) 
            {
                Session["User"] = TextBox1.Text;
                Response.Redirect("AdBooks.aspx");
            }
            else
            {
                Response.Write("<script>alert('Somting Wrong..');</script>");

            }
        }
    }
}
Posted
Updated 17-Jan-19 0:28am
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 2

In the load event you put the connecting string in "constring" but you use "str" when opening it, which is a string variable you haven't put anything in yet. Also you define constring in the load event so it isn't available outside of that event. Change the code to

namespace NovletyShop
{
    public partial class Login : System.Web.UI.Page
    {
        String str;
        String constring;
        SqlConnection con;
        SqlCommand cmd;
        
       
        protected void Page_Load(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection();
            constring = ConfigurationManager.ConnectionStrings["NoveltySystemConnectionString"].ConnectionString;
           
            
        }

        protected void loginB_Click(object sender, EventArgs e)
        {

            con = new SqlConnection(constring);
   
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

Check the actual string in the debugger: put a breakpoint on the line
con = new SqlConnection(str);
and look at exactly what str contains. At a guess, it's null or the empty string because the connection string read code hasn't been executed, or the web.config isn't what you think it is.
Either way, we can't check for you - it needs your code running to look at what is going on, and we can't do that for you - which means the debugger!

But don't do your code like that (particularly not in a web based system!)
Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

And never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
   
Comments
Member 14083059 17-Jan-19 3:35am
   
Thank you sir giving your response @OriginalGriff
OriginalGriff 17-Jan-19 3:40am
   
You're welcome!
Member 14083059 17-Jan-19 4:25am
   
but my error not solve
Member 14083059 17-Jan-19 4:25am
   
but my error not solve
OriginalGriff 17-Jan-19 4:38am
   
That's because you didn't read what I said:

"Either way, we can't check for you - it needs your code running to look at what is going on, and we can't do that for you - which means the debugger!"

So use the debugger, and find out what is in the string. When you know that, you can start looking for why it's like that - but until you do, you know nothing except "something failed".
Fixing a problem like this needs your code running; it can't be fixed without that. And we can't run your code: we don't have most of it, we don't have access to your DB, or even your DB server!
So you need to do the "donkey work" - gather information and start working out why it's the way it is!
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 3

Well, in load event you are reading connection string from config in a local block variable constring , initialize your global variable str with connection sting.

partial class Login : System.Web.UI.Page
    {
        String str;
        SqlConnection con;
        SqlCommand cmd;        
       
        protected void Page_Load(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection();
            str = ConfigurationManager.ConnectionStrings["NoveltySystemConnectionString"].ConnectionString;
}
protected void loginB_Click(object sender, EventArgs e)
        {

            con = new SqlConnection(str);
            con.Open();            
        }
    }
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Cookies | Terms of Service
Web01 | 2.8.190214.1 | Last Updated 17 Jan 2019
Copyright © CodeProject, 1999-2019
All Rights Reserved.
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100