    I have the code below (it validates a login page against a SQL DB) that is giving me an error when I try to use:

        Session["name"] = dr["username.Text"].ToString();

    to catch the username, so as to redirect the logged-in user to another page printing "Hello: John", for example. It says:

        ERROR: System.IndexOutOfRangeException: username.Text

    What does this mean and how can I correct it? PLS HELP!! Thx

        void Login_Click(Object sender, EventArgs e)
        {
            SqlDataReader dr;
            SqlConnection cn = new SqlConnection("Data Source=(local);Initial Catalog=Northwind;Integrated Security=SSPI;");
            cn.Open();
            SqlCommand cmdQuestion = new SqlCommand("SELECT Password FROM Users WHERE username = '" + username.Text + "'", cn);
            dr = cmdQuestion.ExecuteReader();
            if (dr.Read())
            {
                if (dr["Password"].ToString() == Password.Text)
                {
                    // CookieAuthentication.RedirectFromLoginPage(Email.Text, false);
                    Response.Redirect("testlabel.aspx");
                }
                else
                {
                    Msg.Text = "Invalid password.";
                }
            }
            else
            {
                Msg.Text = "Email address not found.";
            }
            //Session["name"] = dr["username.Text"].ToString();
            cn.Close();
        }
    Thursday, February 19, 2004 5:55 AM

    Try changing

        Session["name"] = dr["username.Text"].ToString();

    to

        Session["name"] = dr["username"].ToString();

    The error means the program can't find the item "username.Text" in the reader. Hope this helps, Nic
    Thursday, February 19, 2004 7:04 AM
    NEVER build SQL queries this way. This code is wide open to SQL injection attacks. What do you think would happen if the user typed "'; DELETE FROM Users;SELECT '" in the textbox? Well, it's easy to see: goodbye, Users table. Always build your queries using strongly-typed Parameter objects, not string concatenation.
    Thursday, February 19, 2004 8:53 PM
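
    The lookup from the question rewritten with a typed SqlParameter, as the last reply recommends. This is an added example, not code posted by anyone in the thread. The class name LoginQuery, the method CheckLogin and the nvarchar(50) column size are assumptions; the table, column names and connection string come from the question. The query also selects the username column, because the reader indexer throws IndexOutOfRangeException for any column name that is not in the result set.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginQuery
{
    // Connection string taken from the question above.
    const string ConnStr =
        "Data Source=(local);Initial Catalog=Northwind;Integrated Security=SSPI;";

    // Returns the stored username when the credentials match, otherwise null.
    // Assumption: Users.username is nvarchar(50); adjust the size to the real schema.
    public static string CheckLogin(string username, string password)
    {
        const string sql =
            "SELECT username, Password FROM Users WHERE username = @username";

        using (SqlConnection cn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand(sql, cn))
        {
            // The value travels separately from the SQL text, so quotes or
            // semicolons in it are compared as data and never parsed as SQL.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;

            cn.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (!dr.Read())
                    return null;                      // no such user

                // Same comparison as the original code.
                if (dr["Password"].ToString() != password)
                    return null;                      // wrong password

                // "username" is in the SELECT list, so this lookup succeeds.
                return dr["username"].ToString();
            }
        }
    }

    public static void Main()
    {
        // The input from the reply above is now just an unmatched user name.
        string result = CheckLogin("'; DELETE FROM Users;SELECT '", "x");
        Console.WriteLine(result ?? "login rejected");
    }
}
```

    In Login_Click, a non-null result would be stored in Session["name"] before the call to Response.Redirect.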