Click here to Skip to main content
14,545,215 members
Rate this:
Please Sign up or sign in to vote.
See more:
Server Error in '/' Application.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:


Line 20: string checkuser = "SELECT * FROM register where [USERNAME]='"+TextBoxunm.Text+"'";
Line 21: SqlCommand com = new SqlCommand(checkuser,conn);
Line 22: int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
Line 23: if (temp == 1)
Line 24: {

Source File: C:\Users\Hetvi\source\repos\loginpage\loginpage\register.aspx.cs Line: 22

Stack Trace:


[NullReferenceException: Object reference not set to an instance of an object.]
loginpage.register.Page_Load(Object sender, EventArgs e) in C:\Users\Hetvi\source\repos\loginpage\loginpage\register.aspx.cs:22
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +52
System.Web.UI.Control.OnLoad(EventArgs e) +97
System.Web.UI.Control.LoadRecursive() +61
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +693




here is my program aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

namespace loginpage
{
    public partial class register : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
           if(IsPostBack)
            {
                SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["KNOWLEDGEConnectionString"].ConnectionString);
                conn.Open();
                string checkuser = "SELECT * FROM register where [USERNAME]='"+TextBoxunm.Text+"'";
                SqlCommand com = new SqlCommand(checkuser,conn);
                int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
                if (temp == 1)
                {
                    Response.Write("user already exsist");
                }
                conn.Close();
            }
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            try
            {
                SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["KNOWLEDGEConnectionString"].ConnectionString);
                conn.Open();
                string insertquery = "insert into register(username,email password,country) values(@un,@email,@pass,@coun)";
                SqlCommand com = new SqlCommand(insertquery, conn);
                com.Parameters.AddWithValue("@un",TextBoxunm.Text);
                com.Parameters.AddWithValue("@email",TextBoxemail.Text);
                com.Parameters.AddWithValue("@pass",TextBoxpass.Text);
                com.Parameters.AddWithValue("@coun",TextBoxcoun.Text);
                com.ExecuteNonQuery();
                Response.Redirect("Manager.aspx");
                Response.Write("registration sucessfull");
                conn.Close();
            }
            catch(Exception ex)
            {
                Response.Write("error :"+ex.ToString());
            }
        }
    }
}


What I have tried:

i checked my database connections
Posted
Updated 21-May-20 20:42pm
Comments
Richard Deeming 22-May-20 6:39am
   
In addition to the SQL Injection[^] vulnerability in your code, you're also storing passwords in plain text. Don't do that.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]
Rate this:
Please Sign up or sign in to vote.

Solution 3

There are a few problems with lines 20-22

The first problem is line 20 itself; it is a textbook case of a SQL Injection Vulnerability.
NEVER EVER should an SQL query be created concatenating by together commands and variables. The proper thing to use is a SQL Parameter[^]. You replace the variable with placeholder and you add to the commands Parameter collection to assign the value to the placeholder.
string checkuser = "SELECT * FROM register where [USERNAME] = @User";
SqlCommand com = new SqlCommand(checkuser,conn);
com.Parameters.AddWithValue("@User", TextBoxunm.Text);
The second problem is the query does not seem to be right for what you are wanting to do. It looks like you simply want check to see if a user name is valid.
The query you wrote will return everything about the user BUT only if that user is found.
1. If the user is found you return the entire matching record. The first column is probably a numerical primary key or identity. So your code seems to work fine.
2. If a user is not found, then SQL will return a NULL. Thus the error

The solution is simple; change EITHER the query OR the method used.

Changing the SQL Query is the most efficient way for both the database and the application.
string checkuser = "SELECT Count(*) FROM register where [USERNAME] = @User";
The other way is less efficient as the DB will still be returning a full record and pass that to the application. But it is a viable alternative
int temp = com.ExecuteNonQuery();
   
v2
Rate this:
Please Sign up or sign in to vote.

Solution 2

This is one of the most common problems we get asked, and it's also the one we are least equipped to answer, but you are most equipped to answer yourself.

Let me just explain what the error means: You have tried to use a variable, property, or a method return value but it contains null - which means that there is no instance of a class in the variable.
It's a bit like a pocket: you have a pocket in your shirt, which you use to hold a pen. If you reach into the pocket and find there isn't a pen there, you can't sign your name on a piece of paper - and you will get very funny looks if you try! The empty pocket is giving you a null value (no pen here!) so you can't do anything that you would normally do once you retrieved your pen. Why is it empty? That's the question - it may be that you forgot to pick up your pen when you left the house this morning, or possibly you left the pen in the pocket of yesterdays shirt when you took it off last night.

We can't tell, because we weren't there, and even more importantly, we can't even see your shirt, much less what is in the pocket!

Back to computers, and you have done the same thing, somehow - and we can't see your code, much less run it and find out what contains null when it shouldn't.
But you can - and Visual Studio will help you here. Run your program in the debugger and when it fails, VS will show you the line it found the problem on. You can then start looking at the various parts of it to see what value is null and start looking back through your code to find out why. So put a breakpoint at the beginning of the method containing the error line, and run your program from the start again. This time, VS will stop before the error, and let you examine what is going on by stepping through the code looking at your values.

But we can't do that - we don't have your code, we don't know how to use it if we did have it, we don't have your data. So try it - and see how much information you can find out!
   
Rate this:
Please Sign up or sign in to vote.

Solution 1

I'm pretty sure in this line
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
you don't need the .ToString() call, and that may be the source of your issue.

try
int temp = Convert.ToInt32(com.ExecuteScalar());
or even just
Int32 temp = 0;
temp = (Int32)com.ExecuteScalar();
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100