System.NullReferenceException error Rate this

Question

2.00/5 (1 vote)

See more:

Hello guy
this message shows up and i don't know what to do with
here is the code

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class _Default : System.Web.UI.Page
{

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
            conn.Open();
            string checkuser = "select count (*) from UsersData where UserName= '" + UserName.Text + "'";
            SqlCommand com = new SqlCommand(checkuser, conn);
            int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
            if (temp == 1)
            {
                Response.Write("User Already Exists");
            }
            conn.Close();
        }
    }
    
    protected void Submit_Click(object sender, EventArgs e)
    {
        try
        {
            Guid newGUDI = Guid.NewGuid();

            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["UsersConnectionString"].ConnectionString);
            conn.Open(); //line 35?
            string insertQuery = "insert into UsersData (ID, UserName, Password, CellPhone, DPT) values (@ID ,@Uname ,@Pass ,@Cell ,@DPT)";
            SqlCommand com = new SqlCommand(insertQuery, conn);
            com.Parameters.AddWithValue("@ID", newGUDI.ToString());
            com.Parameters.AddWithValue("@Uname", UserName.Text);
            com.Parameters.AddWithValue("@Pass", Password.Text);
            com.Parameters.AddWithValue("@DPT", DPT.SelectedItem.Text);

            com.ExecuteNonQuery();
            Response.Redirect("UsersManger.aspx");
            Response.Write("Registration SUCESSFULL");

            conn.Close();
        }
        catch (Exception ex)
        {
            Response.Write("Error:" + ex.ToString());
        }
    }
    protected void DPT_SelectedIndexChanged(object sender, EventArgs e)
    {

    }
}

thanks.

Posted 19-May-15 0:08am

abdo.kouta

Updated 19-May-15 0:55am

Andy Lanng

v2

Add a Solution

Comments

Richard MacCutchan 19-May-15 6:16am

You use your debugger to capture the place where the error occurs. Then you look to see which reference is null, and correct your code.

Andy Lanng 19-May-15 6:22am

Agreed. If you don't tell us where (what line) the error occurs on, then we won't try to guess. If you know what line the error occurs on then you can trace the null object yourself 99 times out of 100

Richard MacCutchan 19-May-15 6:50am

Not sure why you posted this to me, as it's more or less what I said.

Andy Lanng 19-May-15 6:52am

Just to keep it in context. I said 'agreed' so I thought I should reply to your comment so people would know what I 'agreed' with.

Pankit Patel 19-May-15 6:20am

in which line you are getting this message ?

Mantu Singh 19-May-15 6:23am

I think u should close connection before redirecting to other page

Sinisa Hajnal 19-May-15 6:28am

Call Dispose on the connection object in finally block (add try..catch..finally around database access).

Your message comes along with exact line where it breaks so you shouldn't have any problem resolving it yourself. This is one of the easiest errors you can get.

abdo.kouta 19-May-15 6:39am

Error:System.NullReferenceException: Object reference not set to an instance of an object. at _Default.Submit_Click(Object sender, EventArgs e) in c:\Users\BC 2\Documents\Visual Studio 2013\WebSites\WebSite\Default.aspx.cs:line 35

abdo.kouta 19-May-15 6:39am

this error shows once i click on save to post user name and password in the data base

Andy Lanng 19-May-15 6:56am

I have update your question with a comment in the code ("//line 35?")

Can you please confirm that this line is, in fact, line 35.

3 solutions

Solution 4

Not only is your code vulnerable to SQL Injection[^], you're also storing passwords in plain text.

That's a very bad idea. You should only ever store a salted hash of the password.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

Posted 19-May-15 4:29am

Richard Deeming

Solution 1

ExecuteScalar is "Executes the query, and returns the first column of the first row in the result set returned by the query. Additional columns or rows are ignored." (MSDN)...or null if no records found...
So...if no records com.ExecuteScalar().ToString() will give you a null reference exception...
First check the result of com.ExecuteScalar()!

Posted 19-May-15 0:22am

Kornfeld Eliyahu Peter

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2015-05-19T00:30:00

And to add to what Peter says, don't do it like that!
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Particularly with a web site, and particularly with a sign up page! Otherwise, I can go to your site, click to sign up, and delete your database without you having any idea who the heck I am or where in the world I might be, just by typing in the "username" textbox...