tags:

views:

61

answers:

5
Q: 

Problem filling data table with SQL adapter in ASP.NET

I have a username db table that I'm trying to connect with to compare the username/pass.

Here is my code, it's not working, what am I doing wrong?

DataTable dt = null;

protected void btn_Click_Login(object sender, EventArgs e)
{
    string query = string.Format("SELECT * FROM Users WHERE Username='{0}' AND Password='{1}'", txtUsername.Text, txtPassword.Text);

    using (SqlConnection c = new SqlConnection(ConfigurationManager.ConnectionStrings["RBConnectionString"].ConnectionString))
    {
        c.Open();

        using (SqlDataAdapter a = new SqlDataAdapter(query, c))
        {
            DataTable t = new DataTable();
            a.Fill(t);
        }
    }
    if (dt.Rows.Count > 0)
    {
        Session["Username"] = txtUsername.Text;
        Session["Password"] = txtPassword.Text;
        Response.Redirect("main.aspx");
        lblError.Text = "success";
    }
    else
    {
        lblError.Text = "Wrong Username/Password combination";
    }
}

}

+1  A: 

Try creating a SqlCommand to hold your query.

SqlCommand cmd = new SqlCommand(query, c);

using (SqlDataAdapter a = new SqlDataAdapter(cmd))
{
    DataTable t = new DataTable();
    a.Fill(t);
}

I'm not 100% sure that's your issue, but back in the days when i used to use ADO.NET (before L2SQL/EF, dark days indeed), i seem to remember an issue with DataTable's and SqlDataAdapter.

From what i remember - you can't fill a DataTable with a SqlDataAdapter based on a raw query string - you need to use SqlCommand. But i believe this can be accomplished with DataSet.

So either change to SqlCommand, or change to DataSet.

RPM1984  2010-09-22 11:22:09
+1  A: 

most probably you are using wrong datatable to check no of rows returned.

Check for t and dt instances of datatable.

saurabh  2010-09-22 11:24:46
+1  A: 

You fill t:

DataTable t = new DataTable();
a.Fill(t);

but read dt:

if (dt.Rows.Count > 0)
abatishchev  2010-09-22 11:28:13
haha, didnt even notice that! you're probably right. let me guess, you were really good at those "where's wally" books?
RPM1984  2010-09-22 11:29:46
I'm getting a null reference exception when trying to count the rows in the data table. The debugger says: Object reference not set to an instance of an object.
nick  2010-09-22 18:51:34
@nick - did you make the change @abatishchev mentioned?
RPM1984  2010-09-22 22:10:43
I did make the change, but the datatable kept coming up null. I decided to go with a datareader instead. Got it working that way.
nick  2010-09-23 15:15:24
A: 

What error you are getting is not clear. But i feel your connection is open and is never closed. Try

c.Close();

Anuja Pawar  2010-09-22 12:01:58
A: 

I decided to try the data reader and got it working:

protected void btn_Click_Login(object sender, EventArgs e)
{

   SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["RbConnectionString"].ConnectionString);
    conn.Open();
    string queryString = "SELECT * FROM [Users] WHERE Username=@username AND Password= @password";
   SqlCommand command = new SqlCommand(queryString, conn);
   command.Parameters.AddWithValue("@username", txtUsername.Text);
   command.Parameters.AddWithValue("@password", txtPassword.Text);

   SqlDataReader reader = null;
   reader = command.ExecuteReader();

   if (reader.Read())
   {
       Session["Username"] = txtUsername.Text;
       Session["Password"] = txtPassword.Text;
       Response.Redirect("main.aspx");
   }
   else
   {
       lblError.Visible = true;
       lblError.Text = "Incorrect Username/Password Combination";
   }
    conn.Close();

}
nick  2010-09-23 15:16:44
Is that the correct way to protect against sql injection?
nick  2010-09-23 15:36:30
Yes, that's the proper way to avoid SQL injection.
Dillie-O  2010-09-23 15:51:40

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?