Click here to Skip to main content
14,664,481 members
Rate this:
Please Sign up or sign in to vote.
See more:
Hello guy
this message shows up and i don't know what to do with
here is the code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class _Default : System.Web.UI.Page
{

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
            conn.Open();
            string checkuser = "select count (*) from UsersData where UserName= '" + UserName.Text + "'";
            SqlCommand com = new SqlCommand(checkuser, conn);
            int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
            if (temp == 1)
            {
                Response.Write("User Already Exists");
            }
            conn.Close();
        }
    }
    
    protected void Submit_Click(object sender, EventArgs e)
    {
        try
        {
            Guid newGUDI = Guid.NewGuid();

            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["UsersConnectionString"].ConnectionString);
            conn.Open(); //line 35?
            string insertQuery = "insert into UsersData (ID, UserName, Password, CellPhone, DPT) values (@ID ,@Uname ,@Pass ,@Cell ,@DPT)";
            SqlCommand com = new SqlCommand(insertQuery, conn);
            com.Parameters.AddWithValue("@ID", newGUDI.ToString());
            com.Parameters.AddWithValue("@Uname", UserName.Text);
            com.Parameters.AddWithValue("@Pass", Password.Text);
            com.Parameters.AddWithValue("@DPT", DPT.SelectedItem.Text);

            com.ExecuteNonQuery();
            Response.Redirect("UsersManger.aspx");
            Response.Write("Registration SUCESSFULL");

            conn.Close();
        }
        catch (Exception ex)
        {
            Response.Write("Error:" + ex.ToString());
        }
    }
    protected void DPT_SelectedIndexChanged(object sender, EventArgs e)
    {

    }
}

thanks.
Posted
Updated 19-May-15 0:55am
v2
Comments
Richard MacCutchan 19-May-15 6:16am
   
You use your debugger to capture the place where the error occurs. Then you look to see which reference is null, and correct your code.
Pankit Patel 19-May-15 6:20am
   
in which line you are getting this message ?
Andy Lanng 19-May-15 6:22am
   
Agreed. If you don't tell us where (what line) the error occurs on, then we won't try to guess. If you know what line the error occurs on then you can trace the null object yourself 99 times out of 100
Mantu Singh 19-May-15 6:23am
   
I think u should close connection before redirecting to other page
Sinisa Hajnal 19-May-15 6:28am
   
Call Dispose on the connection object in finally block (add try..catch..finally around database access).

Your message comes along with exact line where it breaks so you shouldn't have any problem resolving it yourself. This is one of the easiest errors you can get.
abdo.kouta 19-May-15 6:39am
   
Error:System.NullReferenceException: Object reference not set to an instance of an object. at _Default.Submit_Click(Object sender, EventArgs e) in c:\Users\BC 2\Documents\Visual Studio 2013\WebSites\WebSite\Default.aspx.cs:line 35
abdo.kouta 19-May-15 6:39am
   
this error shows once i click on save to post user name and password in the data base
Richard MacCutchan 19-May-15 6:50am
   
Not sure why you posted this to me, as it's more or less what I said.
Andy Lanng 19-May-15 6:52am
   
Just to keep it in context. I said 'agreed' so I thought I should reply to your comment so people would know what I 'agreed' with.
Andy Lanng 19-May-15 6:56am
   
I have update your question with a comment in the code ("//line 35?")

Can you please confirm that this line is, in fact, line 35.

Rate this:
Please Sign up or sign in to vote.

Solution 1

ExecuteScalar is "Executes the query, and returns the first column of the first row in the result set returned by the query. Additional columns or rows are ignored." (MSDN)...or null if no records found...
So...if no records com.ExecuteScalar().ToString() will give you a null reference exception...
First check the result of com.ExecuteScalar()!
   
Rate this:
Please Sign up or sign in to vote.

Solution 2

And to add to what Peter says, don't do it like that!
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Particularly with a web site, and particularly with a sign up page! Otherwise, I can go to your site, click to sign up, and delete your database without you having any idea who the heck I am or where in the world I might be, just by typing in the "username" textbox...
   
Comments
abdo.kouta 19-May-15 6:47am
   
Error:System.NullReferenceException: Object reference not set to an instance of an object. at _Default.Submit_Click(Object sender, EventArgs e) in c:\Users\BC 2\Documents\Visual Studio 2013\WebSites\WebSite\Default.aspx.cs:line 35

this is the error
Rate this:
Please Sign up or sign in to vote.

Solution 4

Not only is your code vulnerable to SQL Injection[^], you're also storing passwords in plain text.

That's a very bad idea. You should only ever store a salted hash of the password.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100