locked
Exception warning RRS feed

  • Question

  • User433619797 posted

    When my code is ren, the exception warning appear .. 
            OleDbConnection conn = null;        conn = new OleDbConnection(            "Provider=Microsoft.Jet.OLEDB.4.0; " +            "Data Source=" + Server.MapPath("App_Data/db1.mdb"));        conn.Open();        TextBox1.ToString();        TextBox2.ToString();        OleDbCommand acc = new OleDbCommand("SELECT * From [userA] WHARE username='" + TextBox1 + "' AND password= '" + TextBox2 + "'");        OleDbDataReader read = null;        read = acc.ExecuteReader();        while (read.Read())        {            Label1.Text = "Zdravei: > " + read["username"].ToString();        }        conn.Close();
            OleDbConnection conn = null;
            conn = new OleDbConnection(
                "Provider=Microsoft.Jet.OLEDB.4.0; " +
                "Data Source=" + Server.MapPath("App_Data/db1.mdb"));
            conn.Open();
            TextBox1.ToString();
            TextBox2.ToString();
            OleDbCommand acc = new OleDbCommand("SELECT * From [userA] WHARE username='" + TextBox1 + "' AND password= '" + TextBox2 + "'");
            OleDbDataReader read = null;
            read = acc.ExecuteReader();
            while (read.Read())
            {
                Label1.Text = "Zdravei: > " + read["username"].ToString();
            }
            conn.Close();
    Here is my code, the exception warning appear on the line with        read = acc.ExecuteReader(); .
    IvalidOperationException was unhandled by user code.
    This is the warning, what should i do, to fix it ? 

    When my code is ren, the exception warning appear .. 




            OleDbConnection conn = null;        conn = new OleDbConnection(            "Provider=Microsoft.Jet.OLEDB.4.0; " +            "Data Source=" + Server.MapPath("App_Data/db1.mdb"));        conn.Open();        TextBox1.ToString();        TextBox2.ToString();        OleDbCommand acc = new OleDbCommand("SELECT * From [userA] WHARE username='" + TextBox1 + "' AND password= '" + TextBox2 + "'");        OleDbDataReader read = null;        read = acc.ExecuteReader();        while (read.Read())        {            Label1.Text = "Zdravei: > " + read["username"].ToString();        }        conn.Close();



            OleDbConnection conn = null;




            conn = new OleDbConnection(




                "Provider=Microsoft.Jet.OLEDB.4.0; " +


                "Data Source=" + Server.MapPath("App_Data/db1.mdb"));


            conn.Open();


            TextBox1.ToString();


            TextBox2.ToString();


            OleDbCommand acc = new OleDbCommand("SELECT * From [userA] WHARE username='" + TextBox1 + "' AND password= '" + TextBox2 + "'");


            OleDbDataReader read = null;


            read = acc.ExecuteReader();






            while (read.Read())


            {


                Label1.Text = "Zdravei: > " + read["username"].ToString();




            }




            conn.Close();




    Here is my code, the exception warning appear on the line with        read = acc.ExecuteReader(); .




    IvalidOperationException was unhandled by user code.


    This is the warning, what should i do, to fix it ? 


    I'm trying to make a login form, so just to know, if you wounder :D

    Wednesday, December 15, 2010 1:15 PM

Answers

All replies

  • User1014708013 posted

    WHARE username='" + TextBox1 +
     

    Shouldn't that be WHERE?

    Otherwise, please try reposting your code in a better format so it can be read, and supply the exact error message and other relevant detauls.

    Cheers,

    Imar

    Wednesday, December 15, 2010 1:41 PM
  • User-592001383 posted

    I think you are using TextBox1 and TextBox2 (TextBox objects) when you really want TextBox1.Text and TextBox2.Text (strings).

    Also, WHERE is the correct term.

    As an aside, your code is potentially dangerous since it exposes your site to an SQL injection attack.

    Change your OleDbCommand to use parameterized queries instead, passing userid and password as parameters.

    Good luck!

    Wednesday, December 15, 2010 1:42 PM
  • User433619797 posted

     string connect = 
                "Provider=Microsoft.Jet.OLEDB.4.0; " +
                "Data Source=" + Server.MapPath("App_Data/db1.mdb");
            OleDbConnection conn = new OleDbConnection(connect);
            string baseData = "SELECT * From [userA] WHERE username='" + TextBox1 + "' AND password= '" + TextBox2 + "'";
            conn.Open();
            TextBox1.ToString();
            TextBox2.ToString();
            OleDbCommand acc = new OleDbCommand(baseData, conn);
            OleDbDataReader read = null;
            read = acc.ExecuteReader();
            while (read.Read())
            {
                Label1.Text = "Zdravei: > " + read["username"].ToString();
            }
            conn.Close();

     string connect = 
                "Provider=Microsoft.Jet.OLEDB.4.0; " +
                "Data Source=" + Server.MapPath("App_Data/db1.mdb");
            OleDbConnection conn = new OleDbConnection(connect);
            string baseData = "SELECT * From [userA] WHERE username='" + TextBox1 + "' AND password= '" + TextBox2 + "'";
            conn.Open();
            TextBox1.ToString();
            TextBox2.ToString();
            OleDbCommand acc = new OleDbCommand(baseData, conn);
            OleDbDataReader read = null;
            read = acc.ExecuteReader();
    
    
            while (read.Read())
            {
                Label1.Text = "Zdravei: > " + read["username"].ToString();
    
            }
    
            conn.Close();

    So  i change it a bit, is that more OK ? 


    But the exception error is still going on .Any ideas ? 

    Wednesday, December 15, 2010 3:34 PM
  • User1014708013 posted

    Did you see and try out the earlier suggestions such as:

    >> I think you are using TextBox1 and TextBox2 (TextBox objects) when you really want TextBox1.Text and TextBox2.Text (strings).

    >> As an aside, your code is potentially dangerous since it exposes your site to an SQL injection attack.

    >> and supply the exact error message and other relevant details.

    It's a bit hard to help you if you don't help us help you by supplying the relevant information ;-)

    Cheers,

    Imar

    Wednesday, December 15, 2010 5:09 PM
  • User-1199946673 posted

    It's a bit hard to help you if you don't help us help you by supplying the relevant information
     

    Imar, the error is quit simple. In Jet, Password is a reserved word. It should be enclosed in brackets when used as a fieldname:

    SELECT * From [userA] WHERE username=@username AND [password]=@password

    I used parameters in this query:

    http://www.mikesdotnetting.com/Article/26/Parameter-Queries-in-ASP.NET-with-MS-Access

    And for a simple login system read this:

    http://www.mikesdotnetting.com/Article/75/Simple-Login-and-Redirect-for-ASP.NET-and-Access

    But off course, instead of reinventing the wheel, you could also use the build in membership provider using Access. I remember an excellent article about this from some guy named Imar Wink

    http://imar.spaanjaars.com/404/using-the-microsoft-access-providers-to-replace-the-built-in-sql-server-providers

     

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, December 16, 2010 3:04 AM