I am getting error in line 22

Question

1.00/5 (1 vote)

See more:

Server Error in '/' Application.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

Line 20: string checkuser = "SELECT * FROM register where [USERNAME]='"+TextBoxunm.Text+"'";
Line 21: SqlCommand com = new SqlCommand(checkuser,conn);
Line 22: int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
Line 23: if (temp == 1)
Line 24: {

Source File: C:\Users\Hetvi\source\repos\loginpage\loginpage\register.aspx.cs Line: 22

Stack Trace:

[NullReferenceException: Object reference not set to an instance of an object.]
loginpage.register.Page_Load(Object sender, EventArgs e) in C:\Users\Hetvi\source\repos\loginpage\loginpage\register.aspx.cs:22
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +52
System.Web.UI.Control.OnLoad(EventArgs e) +97
System.Web.UI.Control.LoadRecursive() +61
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +693

here is my program aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

namespace loginpage
{
    public partial class register : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
           if(IsPostBack)
            {
                SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["KNOWLEDGEConnectionString"].ConnectionString);
                conn.Open();
                string checkuser = "SELECT * FROM register where [USERNAME]='"+TextBoxunm.Text+"'";
                SqlCommand com = new SqlCommand(checkuser,conn);
                int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
                if (temp == 1)
                {
                    Response.Write("user already exsist");
                }
                conn.Close();
            }
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            try
            {
                SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["KNOWLEDGEConnectionString"].ConnectionString);
                conn.Open();
                string insertquery = "insert into register(username,email password,country) values(@un,@email,@pass,@coun)";
                SqlCommand com = new SqlCommand(insertquery, conn);
                com.Parameters.AddWithValue("@un",TextBoxunm.Text);
                com.Parameters.AddWithValue("@email",TextBoxemail.Text);
                com.Parameters.AddWithValue("@pass",TextBoxpass.Text);
                com.Parameters.AddWithValue("@coun",TextBoxcoun.Text);
                com.ExecuteNonQuery();
                Response.Redirect("Manager.aspx");
                Response.Write("registration sucessfull");
                conn.Close();
            }
            catch(Exception ex)
            {
                Response.Write("error :"+ex.ToString());
            }
        }
    }
}

What I have tried:

i checked my database connections

Posted 21-May-20 17:27pm

HETVI SHUKLA

Updated 21-May-20 20:42pm

Add a Solution

Comments

Richard Deeming 22-May-20 6:39am

In addition to the SQL Injection[^] vulnerability in your code, you're also storing passwords in plain text. Don't do that.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

MadMyche · Answer 1 · 2020-05-21T20:43:00

There are a few problems with lines 20-22

The first problem is line 20 itself; it is a textbook case of a SQL Injection Vulnerability.
NEVER EVER should an SQL query be created concatenating by together commands and variables. The proper thing to use is a SQL Parameter[^]. You replace the variable with placeholder and you add to the commands Parameter collection to assign the value to the placeholder.

C#

string checkuser = "SELECT * FROM register where [USERNAME] = @User";
SqlCommand com = new SqlCommand(checkuser,conn);
com.Parameters.AddWithValue("@User", TextBoxunm.Text);

The second problem is the query does not seem to be right for what you are wanting to do. It looks like you simply want check to see if a user name is valid.
The query you wrote will return everything about the user BUT only if that user is found.
1. If the user is found you return the entire matching record. The first column is probably a numerical primary key or identity. So your code seems to work fine.
2. If a user is not found, then SQL will return a NULL. Thus the error

The solution is simple; change EITHER the query OR the method used.

Changing the SQL Query is the most efficient way for both the database and the application.

SQL

string checkuser = "SELECT Count(*) FROM register where [USERNAME] = @User";

The other way is less efficient as the DB will still be returning a full record and pass that to the application. But it is a viable alternative

C#

int temp = com.ExecuteNonQuery();

OriginalGriff · Answer 2 · 2020-05-21T19:55:00

This is one of the most common problems we get asked, and it's also the one we are least equipped to answer, but you are most equipped to answer yourself.

Let me just explain what the error means: You have tried to use a variable, property, or a method return value but it contains null - which means that there is no instance of a class in the variable.
It's a bit like a pocket: you have a pocket in your shirt, which you use to hold a pen. If you reach into the pocket and find there isn't a pen there, you can't sign your name on a piece of paper - and you will get very funny looks if you try! The empty pocket is giving you a null value (no pen here!) so you can't do anything that you would normally do once you retrieved your pen. Why is it empty? That's the question - it may be that you forgot to pick up your pen when you left the house this morning, or possibly you left the pen in the pocket of yesterdays shirt when you took it off last night.

We can't tell, because we weren't there, and even more importantly, we can't even see your shirt, much less what is in the pocket!

Back to computers, and you have done the same thing, somehow - and we can't see your code, much less run it and find out what contains null when it shouldn't.
But you can - and Visual Studio will help you here. Run your program in the debugger and when it fails, VS will show you the line it found the problem on. You can then start looking at the various parts of it to see what value is null and start looking back through your code to find out why. So put a breakpoint at the beginning of the method containing the error line, and run your program from the start again. This time, VS will stop before the error, and let you examine what is going on by stepping through the code looking at your values.

But we can't do that - we don't have your code, we don't know how to use it if we did have it, we don't have your data. So try it - and see how much information you can find out!

Garth J Lancaster · Answer 3 · 2020-05-21T18:51:00

Solution 1

I'm pretty sure in this line

int temp = Convert.ToInt32(com.ExecuteScalar().ToString());

you don't need the .ToString() call, and that may be the source of your issue.

try

int temp = Convert.ToInt32(com.ExecuteScalar());

or even just

Int32 temp = 0;
temp = (Int32)com.ExecuteScalar();

Posted 21-May-20 18:51pm

Garth J Lancaster

I am getting error in line 22

3 solutions

Solution 3

Solution 2

Solution 1

Add your solution here

Preview 0