New to ASP.NET need help
-
Hi , I'm new to ASP.NET . I'm using visualstdio 2013 web express. I have created a Database and table in it. I have created a registration webform. In the web form if i click 'submit' button the corresponding value should be inserted in those tables and if i click preview the data should be displayed.
-
i get an error when i click submit button {"A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)"}
-
Hi , I'm new to ASP.NET . I'm using visualstdio 2013 web express. I have created a Database and table in it. I have created a registration webform. In the web form if i click 'submit' button the corresponding value should be inserted in those tables and if i click preview the data should be displayed.
-
i get an error when i click submit button {"A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)"}
Basically, when you failed to connect to your SQL Server, the issue could be: 1) Network issue, 2) SQL Server configuration issue. 3) Firewall issue, 4) Client driver issue, 5) Application configuration issue. 6) Authentication and logon issue.
Check these Steps to troubleshoot SQL connectivity issues[^] SQL Server 2005 Connectivity Issue Troubleshoot - Part I[^] Troubleshoot Connectivity Issue in SQL Server 2005 - Part II[^] Troubleshoot Connectivity Issue in SQL Server 2005 - Part III[^]
thatraja
-
Check in your web.config if you have specified properly the connection strings. And one thing are you using MVC?
nope. i just resolved that but got an syntax error in particular line "int temp = Convert.ToInt32(com.ExecuteScalar().ToString());" code SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["userConnectionString"].ConnectionString); cn.Open(); string sel = "select count(*) from Table where username = '" + username.Text + "'"; SqlCommand com = new SqlCommand(sel, cn); int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); if(temp==1) { Response.Write("User already exists..!!"); } cn.Close();
-
nope. i just resolved that but got an syntax error in particular line "int temp = Convert.ToInt32(com.ExecuteScalar().ToString());" code SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["userConnectionString"].ConnectionString); cn.Open(); string sel = "select count(*) from Table where username = '" + username.Text + "'"; SqlCommand com = new SqlCommand(sel, cn); int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); if(temp==1) { Response.Write("User already exists..!!"); } cn.Close();
-
I got an error An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code view details ---> {"Incorrect syntax near the keyword 'Table'."} code: SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["userConnectionString"].ConnectionString); cn.Open(); string sel = "select count(*) from Table where username = '" + username.Text + "'"; SqlCommand com = new SqlCommand(sel, cn); int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); if(temp==1) { Response.Write("User already exists..!!"); }cn.Close();
-
I got an error An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code view details ---> {"Incorrect syntax near the keyword 'Table'."} code: SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["userConnectionString"].ConnectionString); cn.Open(); string sel = "select count(*) from Table where username = '" + username.Text + "'"; SqlCommand com = new SqlCommand(sel, cn); int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); if(temp==1) { Response.Write("User already exists..!!"); }cn.Close();
One thing I would like to mention Hari is seldom use select * from .... always have a habit to write all the column names. Its a very good practice.:) I guess use the name propertyfor the textbox from where you need the name and then write the name in the "--" that might work out. and from the error it seems you miss some Dll's assemblies.. please check using a debugger where exactly you are getting that exception. thanks
-
One thing I would like to mention Hari is seldom use select * from .... always have a habit to write all the column names. Its a very good practice.:) I guess use the name propertyfor the textbox from where you need the name and then write the name in the "--" that might work out. and from the error it seems you miss some Dll's assemblies.. please check using a debugger where exactly you are getting that exception. thanks
thanx (y)
-
I got an error An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code view details ---> {"Incorrect syntax near the keyword 'Table'."} code: SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["userConnectionString"].ConnectionString); cn.Open(); string sel = "select count(*) from Table where username = '" + username.Text + "'"; SqlCommand com = new SqlCommand(sel, cn); int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); if(temp==1) { Response.Write("User already exists..!!"); }cn.Close();
Table is a reserved word in SQL, so it is a bad idea to call a table "Table" - call it something significant, like Registration or UserReg In MSSQl, if you are using a reserved word for something else, such as a table or column name, you must surround it with square brackets e.g. SELECT * from [TABLE] ......
========================================================= I'm an optoholic - my glass is always half full of vodka. =========================================================
-
Table is a reserved word in SQL, so it is a bad idea to call a table "Table" - call it something significant, like Registration or UserReg In MSSQl, if you are using a reserved word for something else, such as a table or column name, you must surround it with square brackets e.g. SELECT * from [TABLE] ......
========================================================= I'm an optoholic - my glass is always half full of vodka. =========================================================
worked.. thanx. (y)
-
nope. i just resolved that but got an syntax error in particular line "int temp = Convert.ToInt32(com.ExecuteScalar().ToString());" code SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["userConnectionString"].ConnectionString); cn.Open(); string sel = "select count(*) from Table where username = '" + username.Text + "'"; SqlCommand com = new SqlCommand(sel, cn); int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); if(temp==1) { Response.Write("User already exists..!!"); } cn.Close();
Your code is susceptible to SQL Injection[^]. For example, if the user types
Robert';DROP TABLE [Table];--in the username textbox, your query becomes:select count(*) from Table where username = 'Robert';DROP TABLE [Table];--'
That's actually two queries; one to select the number of records with the username "Robert", and one to delete the entire table. The "--" at the end comments out the rest of the query. It's quite easy to fix:
// SqlConnection implements IDisposable, so wrap it in a "using" block:
using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["userConnectionString"].ConnectionString))
{
cn.Open();// Use a parameterized query to avoid SQL injection: string sel = "select count(\*) from \[Table\] where username = @username"; // SqlCommand also implements IDisposable: using (SqlCommand com = new SqlCommand(sel, cn)) { // Add the parameter to the command: com.Parameters.AddWithValue("@username", username.Text); int temp = Convert.ToInt32(com.ExecuteScalar()); if (temp == 1) { Response.Write("User already exists..!!"); } }}
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Your code is susceptible to SQL Injection[^]. For example, if the user types
Robert';DROP TABLE [Table];--in the username textbox, your query becomes:select count(*) from Table where username = 'Robert';DROP TABLE [Table];--'
That's actually two queries; one to select the number of records with the username "Robert", and one to delete the entire table. The "--" at the end comments out the rest of the query. It's quite easy to fix:
// SqlConnection implements IDisposable, so wrap it in a "using" block:
using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["userConnectionString"].ConnectionString))
{
cn.Open();// Use a parameterized query to avoid SQL injection: string sel = "select count(\*) from \[Table\] where username = @username"; // SqlCommand also implements IDisposable: using (SqlCommand com = new SqlCommand(sel, cn)) { // Add the parameter to the command: com.Parameters.AddWithValue("@username", username.Text); int temp = Convert.ToInt32(com.ExecuteScalar()); if (temp == 1) { Response.Write("User already exists..!!"); } }}
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
thanx. :)
