Login problem with ExecuteScalar();
-
My users table is that:
CREATE TABLE Users(
ID_Users INT IDENTITY(1,1),
Username VARCHAR(30) UNIQUE,
Password VARCHAR(100) DEFAULT 'password',
Nivel tinyint DEFAULT '3',
PRIMARY KEY(ID_Users));When users give username and password executes the following code:
string sqlUserName;
sqlUserName = "SELECT ID_Users, Username,Password,Nivel FROM Users ";
sqlUserName += " WHERE (Username ='" + UserName + "')";
sqlUserName += " AND (Password ='" + Password + "')";
SqlCommand com = new SqlCommand(sqlUserName, Conn);string existe;
existe = (string)com.ExecuteScalar();if (existe != null)
(...)The problem is, I added five minutes ago "SELECT ID_Users". Now I have the error: "unable to cast int32 to string". I dont understand, because I use sucessfuly tinyint and there is no problem. Ok, its not a int32, but in the end its not the same thing? What should I do ? EDIT: looks like if I do: object existe; existe = com.ExecuteScalar(); There's no error. Can I use it with no problem's ?
To make you understand, I guess
ExecuteScalarexecutes a query and returns only the first column of the first row. All others are just ignored. So why do you select them ?? Anyways,ExecuteScalarreturns an object. So you might usestring existe = com.ExecuteScalar().ToString();But let me remind you, if there is no row selected, this line will through an error. So rather check the object first.object result = com.ExecuteScalar();
if(result != null)
string existe = result.ToString();Hope this is fine. Or you can also check Count(*) to determine if anyone is selected or not in the query. :thumbsup:
Abhishek Sur **Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->** Simplify Code Using NDepend
Basics of Bing Search API using .NET
Microsoft Bing MAP using Javascript -
To make you understand, I guess
ExecuteScalarexecutes a query and returns only the first column of the first row. All others are just ignored. So why do you select them ?? Anyways,ExecuteScalarreturns an object. So you might usestring existe = com.ExecuteScalar().ToString();But let me remind you, if there is no row selected, this line will through an error. So rather check the object first.object result = com.ExecuteScalar();
if(result != null)
string existe = result.ToString();Hope this is fine. Or you can also check Count(*) to determine if anyone is selected or not in the query. :thumbsup:
Abhishek Sur **Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->** Simplify Code Using NDepend
Basics of Bing Search API using .NET
Microsoft Bing MAP using JavascriptWhy are you trying to use a string as a boolean? The more acceptable way to handle this would...
SELECT CASE COUNT(*) WHEN 0 THEN 0 ELSE 1 END
FROM Users WHERE Username...return Convert.ToBoolean(cmd.ExecuteScalar());
I know the language. I've read a book. - _Madmatt
-
My users table is that:
CREATE TABLE Users(
ID_Users INT IDENTITY(1,1),
Username VARCHAR(30) UNIQUE,
Password VARCHAR(100) DEFAULT 'password',
Nivel tinyint DEFAULT '3',
PRIMARY KEY(ID_Users));When users give username and password executes the following code:
string sqlUserName;
sqlUserName = "SELECT ID_Users, Username,Password,Nivel FROM Users ";
sqlUserName += " WHERE (Username ='" + UserName + "')";
sqlUserName += " AND (Password ='" + Password + "')";
SqlCommand com = new SqlCommand(sqlUserName, Conn);string existe;
existe = (string)com.ExecuteScalar();if (existe != null)
(...)The problem is, I added five minutes ago "SELECT ID_Users". Now I have the error: "unable to cast int32 to string". I dont understand, because I use sucessfuly tinyint and there is no problem. Ok, its not a int32, but in the end its not the same thing? What should I do ? EDIT: looks like if I do: object existe; existe = com.ExecuteScalar(); There's no error. Can I use it with no problem's ?
See other reply for a more acceptable way to handle this. Also, you should be strongly encouraged to not use inline SQL or at the very least use a parameterized query. Search Google for SQL Injection attack.
I know the language. I've read a book. - _Madmatt
-
Why are you trying to use a string as a boolean? The more acceptable way to handle this would...
SELECT CASE COUNT(*) WHEN 0 THEN 0 ELSE 1 END
FROM Users WHERE Username...return Convert.ToBoolean(cmd.ExecuteScalar());
I know the language. I've read a book. - _Madmatt
Check the last line.. I think I have already mentioned that.. . I think the author wants to use the UserID or the data that is selected. So he wrote like this. ;)
Abhishek Sur **Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->** Simplify Code Using NDepend
Basics of Bing Search API using .NET
Microsoft Bing MAP using Javascript -
See other reply for a more acceptable way to handle this. Also, you should be strongly encouraged to not use inline SQL or at the very least use a parameterized query. Search Google for SQL Injection attack.
I know the language. I've read a book. - _Madmatt
Mark Nischalke wrote:
you should be strongly encouraged to not use inline SQL or at the very least use a parameterized query.
I accept with you in this regard. :rose::rose:
Abhishek Sur **Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->** Simplify Code Using NDepend
Basics of Bing Search API using .NET
Microsoft Bing MAP using Javascript -
To make you understand, I guess
ExecuteScalarexecutes a query and returns only the first column of the first row. All others are just ignored. So why do you select them ?? Anyways,ExecuteScalarreturns an object. So you might usestring existe = com.ExecuteScalar().ToString();But let me remind you, if there is no row selected, this line will through an error. So rather check the object first.object result = com.ExecuteScalar();
if(result != null)
string existe = result.ToString();Hope this is fine. Or you can also check Count(*) to determine if anyone is selected or not in the query. :thumbsup:
Abhishek Sur **Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->** Simplify Code Using NDepend
Basics of Bing Search API using .NET
Microsoft Bing MAP using Javascript -
Because I also use SqlDataReader :) I will use object, I think in this case is the best choice for me :) Many thanks for all your help!
Maxdd 7 wrote:
Many thanks for all your help!
You are most welcome bro... Cheers. :thumbsup:
Abhishek Sur **Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->** Simplify Code Using NDepend
Basics of Bing Search API using .NET
Microsoft Bing MAP using Javascript -
Because I also use SqlDataReader :) I will use object, I think in this case is the best choice for me :) Many thanks for all your help!
Maxdd 7 wrote:
Because I also use SqlDataReader
That has nothing to do with it. DataReader provides methods such as GetString, GetInt, GetBoolean. Learning to use the tools properly will be a great benefit to you in the future.
I know the language. I've read a book. - _Madmatt
-
Check the last line.. I think I have already mentioned that.. . I think the author wants to use the UserID or the data that is selected. So he wrote like this. ;)
Abhishek Sur **Don't forget to click "Good Answer" if you like this Solution.
My Latest Articles-->** Simplify Code Using NDepend
Basics of Bing Search API using .NET
Microsoft Bing MAP using JavascriptAbhishek Sur wrote:
So he wrote like this
This doesn't lessen our responsibility to also point out misunderstandings and mistakes in usage and give guidance on more correct ways of implementation.
I know the language. I've read a book. - _Madmatt
-
Maxdd 7 wrote:
Because I also use SqlDataReader
That has nothing to do with it. DataReader provides methods such as GetString, GetInt, GetBoolean. Learning to use the tools properly will be a great benefit to you in the future.
I know the language. I've read a book. - _Madmatt
I was just answering to this question: " To make you understand, I guess ExecuteScalar executes a query and returns only the first column of the first row. All others are just ignored. So why do you select them ?? " I use SqlData reader (I erased those lines on first post here) so I can extract those values.
-
My users table is that:
CREATE TABLE Users(
ID_Users INT IDENTITY(1,1),
Username VARCHAR(30) UNIQUE,
Password VARCHAR(100) DEFAULT 'password',
Nivel tinyint DEFAULT '3',
PRIMARY KEY(ID_Users));When users give username and password executes the following code:
string sqlUserName;
sqlUserName = "SELECT ID_Users, Username,Password,Nivel FROM Users ";
sqlUserName += " WHERE (Username ='" + UserName + "')";
sqlUserName += " AND (Password ='" + Password + "')";
SqlCommand com = new SqlCommand(sqlUserName, Conn);string existe;
existe = (string)com.ExecuteScalar();if (existe != null)
(...)The problem is, I added five minutes ago "SELECT ID_Users". Now I have the error: "unable to cast int32 to string". I dont understand, because I use sucessfuly tinyint and there is no problem. Ok, its not a int32, but in the end its not the same thing? What should I do ? EDIT: looks like if I do: object existe; existe = com.ExecuteScalar(); There's no error. Can I use it with no problem's ?
where do username and password come from ? Does the user input them ? If they do, this is terrible code. Even if they don't, it is not great.
Christian Graus Driven to the arms of OSX by Vista. Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.