I'm trying to create a SQL question in ASP.NET that I use for searching from textbox values. The SQL I've made works if I search in both textboxes, but I want to be able to search in just one and get a result. If I search in one, I get the following error: "An exception of type 'System.NullReferenceException' occurred in Projektet.dll but was not handled in user code"

This is the SQL:

```csharp
NpgsqlCommand command = new NpgsqlCommand(
    "SELECT * FROM person WHERE (fornamn LIKE '" + namn.ToUpper() + "%' OR fornamn LIKE '" + namn.ToLower()
    + "%'  AND efternamn LIKE '" + enamn.ToUpper() + "%' OR efternamn LIKE '" + enamn.ToLower()
    + "%') AND roll = 1 ORDER BY person_id", conn);
```
Mattias
  • Three words: [Sql Injection Hazard](http://stackoverflow.com/questions/6547986/how-to-prevent-a-sql-injection-escaping-strings) – spender Mar 12 '15 at 12:15
  • Something is `null`. Probably `namn` or `enamn`. You should be able to determine what by debugging. – juharr Mar 12 '15 at 12:16
  • I kind of want it to allow null though – Mattias Mar 12 '15 at 12:34
  • You can't call methods on null objects, including ToLower(). You should parameterize your queries (see @spender's comment) and use whatever logic you need to deal with nulls before assigning values to the parameters. – Crowcoder Mar 12 '15 at 12:47
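
One way to combine the two suggestions in the comments (parameterized query, nulls handled before the parameters are assigned), as an added example that is not code from the question or its commenters. The class and method names (`PersonSearch`, `Build`, `EscapeLike`) are hypothetical; it swaps the upper/lower `LIKE` pairs for PostgreSQL's case-insensitive `ILIKE`, and it assumes that two filled-in boxes should both have to match (`AND`).

```csharp
using System;
using System.Collections.Generic;
using Npgsql;

static class PersonSearch
{
    // Builds the search command for the question's person table.
    // A null or blank namn/enamn means "do not filter on that column",
    // so no method is ever called on a null string.
    public static NpgsqlCommand Build(NpgsqlConnection conn, string namn, string enamn)
    {
        var filters = new List<string> { "roll = 1" };
        var command = new NpgsqlCommand { Connection = conn };

        if (!string.IsNullOrWhiteSpace(namn))
        {
            // User input travels only as a parameter value, never as SQL text.
            filters.Add("fornamn ILIKE @fornamn");
            command.Parameters.AddWithValue("fornamn", EscapeLike(namn.Trim()) + "%");
        }

        if (!string.IsNullOrWhiteSpace(enamn))
        {
            filters.Add("efternamn ILIKE @efternamn");
            command.Parameters.AddWithValue("efternamn", EscapeLike(enamn.Trim()) + "%");
        }

        // Only fixed fragments are concatenated here; joining with AND also
        // avoids the precedence ambiguity of mixing AND and OR unbracketed.
        command.CommandText = "SELECT * FROM person WHERE "
            + string.Join(" AND ", filters)
            + " ORDER BY person_id";
        return command;
    }

    // Escapes LIKE metacharacters so a typed % or _ matches literally
    // (backslash is PostgreSQL's default LIKE escape character).
    static string EscapeLike(string s) =>
        s.Replace(@"\", @"\\").Replace("%", @"\%").Replace("_", @"\_");
}
```

With both textboxes empty, the command returns every row with `roll = 1`; reject that case before calling `Build` if an unfiltered listing is not wanted.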
