I read the other answers on here but nothing has worked. The issue is if the user enters an incorrect password I get this error (username is fine):
System.NullReferenceException: Object reference not set to an instance of an object.
Stack trace:
[NullReferenceException: Object reference not set to an instance of an object.]
Login.btnLogin_Click(Object sender, EventArgs e) in c:\Users\Michelle\Desktop\COMF510_65300_HS_task_2\Login.aspx.cs:31
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +9628614
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +103
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1724
the login.aspx.cs :
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnLogin_Click(object sender, EventArgs e)
{
SqlConnection myDB = new SqlConnection(ConfigurationManager.ConnectionStrings["LoginConnectionString"].ConnectionString);
myDB.Open();
string checkUser = "select count (*) from users where username = '"+txtUserName.Text+"'";
SqlCommand com = new SqlCommand(checkUser, myDB);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
myDB.Close();
if (temp == 1)
{
myDB.Open();
string checkPassWord = "select password from users where password = '" + txtPassword.Text + "'";
SqlCommand passCom = new SqlCommand(checkPassWord, myDB);
string pass = passCom.ExecuteScalar().ToString().Replace(" ","");
if(pass == txtPassword.Text)
{
Session["New"] = txtUserName.Text;
Response.Redirect("EmpWelcome.aspx");
}
else
{
Response.Write("Incorrect details! Please try again.");// if password is incorrect
}
}
else
{
Response.Write("Incorrect details! Please try again."); // if username is incorrect
}
}
}
the source error:
Line 31: string pass = passCom.ExecuteScalar().ToString().Replace(" ","");
I'm sure it is an easy fix for experts but I am pretty new in C#. Thank you in advance.