i have a webforms app using asp/C# .net with SQL server 2008. i have a login form that will authenticate access to my webform website. here is the code.
SqlConnection an = new SqlConnection(@"Data Source=REZRTECH\SQLEXPRESS;Initial Catalog=Temp;Integrated Security=True");
an.Open();
SqlCommand anc = new SqlCommand();
anc.Connection = an;
anc.CommandText = "Select * From Logins where User_name = @usr";
anc.Parameters.AddWithValue("@usr", TextBox1.Text);
int count = Convert.ToInt32(anc.ExecuteScalar());//throws input string was not in correct format exception.
if (count == 0)
{
string swa = "User Does Not Exist";
ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + swa + "');", true);
return;
}
else
{
//
//if user name and password match goto homepage
{
Response.Redirect("~/Default.aspx");
}
else
{
string swa1 = "Invalid Login Credentials";
ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + swa1 + "');", true);
}
my table rows are both nvarchar. there is one other thing that is puzzling me, one user_name is admin and its corresponding password is also admin. suppose i enter any thing other than admin, it successfully gives me the error that user is not present. that time the " input string exception is not thrown"
any and all help is appreciated.
The exception is happening because you are using ExecuteScalar
--designed to return only a single value--and expecting that value to be an Int32
when it isn't. It seems your goal is to determine if the user is valid.
anc.CommandText = "select cast(count(1) as bit) from Logins where User_name = @usr";
then later, change int count = ...
to bool isUserValid = (bool)anc.ExecuteScalar()
.
Using bool
instead of int count
is a bit more descriptive and maintainable. There's no use in retrieving the count if you don't intend to use the count for something.
I Suspect that you want to get the total Count
of users with the given UserName
. if you want to get the Count
you need to follow the follwoing SELECT
command Syntax:
SELECT COUNT(*) from [TableName] WHERE CNDITION;
SO you are missing Count(*) in your SELECT Statetement.
Replace This:
anc.CommandText = "Select * From Logins where User_name = @usr";
With This:
anc.CommandText = "Select count(*) From Logins where User_name = @usr";
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.