Thread: ExecuteScalar

  1. #1
    Join Date
    Feb 2007
    Posts
    42

    Unanswered: ExecuteScalar

    Code:
    private void buttonLogin_Click(object sender, EventArgs e)
    {
        SqlConnection conn = new SqlConnection();
        conn.ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\PEService.mdf;Integrated Security=True;User Instance=True";
        conn.Open();
        string strSQL = "Select Count(*) as ctr From Cust Where Email=" + textBoxEmail + "and Passwd=" + textBoxPW;

        SqlCommand cmd = new SqlCommand(strSQL,conn);
        int ctr=(int)cmd.ExecuteScalar();
        if (ctr == 1)
            MessageBox.Show("Correct");
        else
            MessageBox.Show("Wrong");
        conn.Close();
    }
    I have this code for my login form. When I remove conn.Open(); from the code,
    it says: ExecuteScalar requires an open and available Connection. The connection's current state is closed.

    And when I put conn.Open(); back,
    it says: An attempt to attach an auto-named database for file C:\... failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.

    What is the problem?

  2. #2
    Join Date
    Jan 2005
    Posts
    28
    Hi,

    I think the strSQL should be set as follows. I added the (') characters.

    string strSQL = "Select Count(*) as ctr From Cust Where Email='" + textBoxEmail + "'and Passwd='" + textBoxPW + "'";


    Eralper
    http://www.kodyaz.com

  3. #3
    Join Date
    Feb 2004
    Location
    One Flump in One Place
    Posts
    14,912
    Is this production code? You know it is pretty well textbook bad practice as regards security yeah?
    Testimonial:
    pootle flump
    ur codings are working excelent.

  4. #4
    Join Date
    May 2004
    Location
    Seattle
    Posts
    1,313
    Besides the serious SQL injection issues pootle_flump is referring to, there are some other (less serious) problems:

    You should use the "using" keyword around use of SqlCommand and SqlConnection. That way they get disposed properly when they go out of scope.

    Currently you are not disposing your SqlCommand at all, so it will cause resource leaks.

  5. #5
    Join Date
    Feb 2007
    Posts
    42
    Now I have added the using keyword as well as the correct SQL statement, but I still have the same problem.

    I have also read about SQL Server Management Studio. Does it have something to do with the problems occurring? But I don't have it installed with my Visual Studio 2005! How do I get it?

    And to pootle flump, can you explain further, because I'm just a newbie? Thanks.
    Last edited by wishlister; 03-23-07 at 23:35.

  6. #6
    Join Date
    Feb 2007
    Posts
    42
    I've solved my problem. It was all about connection failure. Thanks!

  7. #7
    Join Date
    May 2004
    Location
    Seattle
    Posts
    1,313
    Here's what you should do to avoid the sql injection problem:

    http://weblogs.sqlteam.com/jeffs/arc.../21/10728.aspx
    http://msdn2.microsoft.com/en-us/lib...arameters.aspx

    and here's what could happen if you don't fix it (credit pootle for this link, it's a nice little video demonstration):

    http://www.rockyh.net/AssemblyHijack...Hijacking.html
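
Added example, not part of any post in this thread: the login check from post #1 rewritten with SqlParameter and the "using" blocks suggested in post #4. The class and method names and the column sizes are assumptions; the table, columns and connection string are the ones from post #1. Main opens no connection and only prints the statement text for a constructed input containing an apostrophe.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQuery
{
    // Connection string copied from post #1.
    const string ConnStr = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\PEService.mdf;Integrated Security=True;User Instance=True";

    // The SQL text is constant; user input travels only as parameter values.
    // Column sizes (256, 128) are assumptions, not taken from the thread.
    static SqlCommand BuildCommand(SqlConnection conn, string email, string password)
    {
        SqlCommand cmd = new SqlCommand(
            "SELECT COUNT(*) FROM Cust WHERE Email = @Email AND Passwd = @Passwd", conn);
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email;
        cmd.Parameters.Add("@Passwd", SqlDbType.NVarChar, 128).Value = password;
        return cmd;
    }

    // What buttonLogin_Click would call with textBoxEmail.Text and textBoxPW.Text.
    public static bool CredentialsMatch(string email, string password)
    {
        using (SqlConnection conn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = BuildCommand(conn, email, password))
        {
            conn.Open();
            return (int)cmd.ExecuteScalar() == 1;
        }   // both objects are disposed here, even if an exception is thrown
    }

    // Offline comparison of the two approaches; no connection is opened.
    static void Main()
    {
        string email = "o'brien@example.com";   // constructed sample input
        string pw = "s3cret";                    // constructed sample input

        // Concatenation as in post #2: the apostrophe in the data ends the string literal early.
        Console.WriteLine("Select Count(*) as ctr From Cust Where Email='" + email + "'and Passwd='" + pw + "'");

        using (SqlCommand cmd = BuildCommand(null, email, pw))
        {
            Console.WriteLine(cmd.CommandText);   // identical for every input
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
        }
    }
}
```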
