Help with a code in ASP.NET [duplicate]

0

I hope you can help me with the following code that I have in Visual Studio. I am programming a user login in ASP.NET with C#, and in my aspx form called PortalAlumons.aspx.cs I wrote the following code:

protected void Page_Load(object sender, EventArgs e)
{
    SqlConnection SqlCon = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectSQL"].ToString());
    SqlCon.Open();

    string query = "SELECT * FROM sisacad.USUARIO WHERE Rut_Nro = '"+Txt_RutNro.Text+"' AND Rut_Dig = ' "+Txt_RutDigito.Text+" ' AND Contrasena = ' "+Txt_Pass.Text+" '  ";

    SqlCommand cMD = new SqlCommand(query, SqlCon);

    string output = cMD.ExecuteScalar().ToString(); // THIS LINE THROWS THE ERROR

    if (output == "1")
    {
        Session["user"] = Txt_RutNro.Text;
        Response.Redirect("~/Alumno.aspx");
    }
    else
    {
        Response.Write("Conexion Fallida");
    }
}

It turns out that the error it throws says the following:

Object reference not set to an instance of an object.

Description: Unhandled exception while executing the current web request. Check the stack trace for more information about the error and where it originated in the code.

Exception details: System.NullReferenceException: Object reference not set to an instance of an object.

Source code error:

Line 23:
Line 24: SqlCommand cMD = new SqlCommand (query, SqlCon);
Line 25: string output = cMD.ExecuteScalar (). ToString ();
Line 26:
Line 27: if (output == "1")

This happens to me when I click on a link that redirects me to the student portal page, where the student will be able to log in and then enter his personal study website. And the error line is 25.

If you could help me, I would be very grateful, thank you.

asked by iuninefrendor 03.01.2018 at 06:27

1 answer

1

I see a lot of problems in your code.

The error is occurring because cMD.ExecuteScalar() is returning null. ExecuteScalar is normally used when a query returns a single value instead of a set of records, usually when the query is made with an aggregate function without GROUP BY.

If, as in your case, you apply it to a query that returns data from several fields, what it will do is return the value of the first field of the first record, or null if the query does not return any results.

That is, if it does not find a match, the result will not be 0 but null.

On the other hand, your code is a clear example of code vulnerable to a SQL injection attack (I would recommend you search a bit on the subject online). To avoid this, and for other reasons such as code clarity or performance, you should get used to always building your queries by passing the values through parameters.

Take a look at this example:

protected void Page_Load(object sender, EventArgs e)
{
    // using blocks dispose the connection and command even if an exception is thrown.
    using (SqlConnection SqlCon = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectSQL"].ToString()))
    using (SqlCommand cMD = new SqlCommand(
        "SELECT COUNT(*) FROM sisacad.USUARIO WHERE Rut_Nro=@RutNro AND Rut_Dig=@RutDig AND Contrasena=@Pass",
        SqlCon))
    {
        // The values travel as parameters, so they are never interpreted as SQL text.
        cMD.Parameters.AddWithValue("@RutNro", Txt_RutNro.Text);
        cMD.Parameters.AddWithValue("@RutDig", Txt_RutDigito.Text);
        cMD.Parameters.AddWithValue("@Pass", Txt_Pass.Text);

        SqlCon.Open();

        // COUNT(*) always returns exactly one row with one value, so ExecuteScalar never returns null here.
        int output = (int)cMD.ExecuteScalar();

        if (output > 0)
        {
            Session["user"] = Txt_RutNro.Text;
            Response.Redirect(@"~/Alumno.aspx");
        }
        else
        {
            Response.Write("Conexion Fallida");
        }
    }
}
answered by 03.01.2018 / 10:21
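As an added example (not part of the question or the answer above), the script below uses an in-memory SQLite table standing in for sisacad.USUARIO to reproduce the two behaviours the answer describes: `SELECT *` yields only the first column of the first row (here Rut_Nro, so the question's `output == "1"` check could never succeed) or nothing at all when no row matches, whereas `COUNT(*)` with bound parameters always yields a number and also copes with input containing a quote. The table contents and credentials are constructed; Python's `fetchone()` returning `None` plays the role of `ExecuteScalar()` returning null.

```python
import sqlite3


def make_db():
    # Constructed stand-in for sisacad.USUARIO with one test account.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE USUARIO (Rut_Nro TEXT, Rut_Dig TEXT, Contrasena TEXT)")
    con.execute("INSERT INTO USUARIO VALUES ('12345678', 'K', 'secret')")
    return con


def login_concat(con, rut, dig, pw):
    # The question's approach: user input glued into the SQL text.
    # Mirrors ExecuteScalar(): first column of the first row, or None.
    query = (f"SELECT * FROM USUARIO WHERE Rut_Nro = '{rut}' "
             f"AND Rut_Dig = '{dig}' AND Contrasena = '{pw}'")
    row = con.execute(query).fetchone()
    return row[0] if row else None


def login_param(con, rut, dig, pw):
    # The answer's approach: COUNT(*) plus bound parameters.
    # The driver sends the values separately, so a quote in the input is just data.
    # (The page compares plaintext passwords; real systems store a salted hash.)
    query = ("SELECT COUNT(*) FROM USUARIO WHERE Rut_Nro = ? "
             "AND Rut_Dig = ? AND Contrasena = ?")
    (count,) = con.execute(query, (rut, dig, pw)).fetchone()
    return count


def run_demo():
    con = make_db()
    results = {
        "concat_ok": login_concat(con, "12345678", "K", "secret"),   # '12345678', not "1"
        "concat_bad": login_concat(con, "12345678", "K", "wrong"),   # None -> .ToString() would throw
        "param_ok": login_param(con, "12345678", "K", "secret"),     # 1
        "param_bad": login_param(con, "12345678", "K", "wrong"),     # 0, never null
        "param_quote": login_param(con, "12345678", "K", "it's"),    # 0, quote handled as data
    }
    try:
        login_concat(con, "12345678", "K", "it's")
        results["concat_quote"] = "ran"
    except sqlite3.OperationalError:
        # The unescaped quote breaks the statement: the input became SQL syntax.
        results["concat_quote"] = "syntax error"
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```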