Invalid object name 'DB'

Question

I am a beginner and would like to implement basic login page using C#.net - web application. I have created database successfully and can test connection worked as well. I get the below error message when the control hits ExecuteReader() command.

Error:

An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code

Additional information: Invalid object name 'UserDB'.

Program:

string LoginDbCS =ConfigurationManager.ConnectionStrings["UserDB"].ConnectionString;
string ID = TextBoxUserId.Text;
SqlConnection Conn = new SqlConnection(LoginDbCS);
{
    string sCmdStr = "select Password from UserDB where UserID=@ID";
    SqlCommand sCmd = new SqlCommand(sCmdStr, Conn);

    SqlParameter param = new SqlParameter();
    param.ParameterName = "@ID";
    param.Value = TextBoxUserId.Text;

    sCmd.Parameters.Add(param);
    Conn.Open();

    SqlDataReader sReader = sCmd.ExecuteReader();
    sReader.Read();

    if ((string)sReader["Password"]==TextBoxPassword.Text)
    {
        Label5.Text = "Login Successful";
    }
    else
    {
        Label5.Text = "No Records found";
    }

    sReader.Close();
    Conn.Close();
}

}

Looking forward for suggestions to fix this crash.

Answer 1

Well, Your question was answered in the comments by sohaiby , but there are some deeper issues with your code, and you should fix those.
I believe that it's easier to learn good coding standards as a beginner then as someone that has experience with bad coding standards, since people often go to what is familiar when thing go bad.

So, here are some bad practices that you should replace ASAP:

• Using reserved words as objects names. See my answer to this question for the specifics of the method I use to name sql objects. Other people might use other methods. you don't have to adopt mine, but it's the best I know of.
• Retrieving all the passwords from the database and check for the correct password in code. You already know what password the user entered. just add it as another parameter to your sql statement and add a condition:
  string sCmdStr = "select * from UserDB where UserID=@ID AND Password = @Password";
• Using a reader for queries where you don't actually need the data.
  In a login page, usually you only want to know if the user have entered the correct user name and password. There is no need for actual data being returned from the database (unless you want to get some details about the user, such as first / last name, last login date, etc'). In these cases you can probably use ExecuteScalar to get a single value from the database.
  If the query returns no results, the ExecuteScalar will return null. read how to handle this here. .
• Use an IDisposable ( SqlConnection in your case) without a Using statement.

I hope this will help you learn better coding standards and improve your coding skills.

Happy programming!