0

i have a webforms app using asp/C# .net with SQL server 2008. i have a login form that will authenticate access to my webform website. here is the code.

SqlConnection an = new SqlConnection(@"Data Source=REZRTECH\SQLEXPRESS;Initial Catalog=Temp;Integrated Security=True");
            an.Open();
            SqlCommand anc = new SqlCommand();
            anc.Connection = an;
            anc.CommandText = "Select * From Logins where User_name = @usr";
            anc.Parameters.AddWithValue("@usr", TextBox1.Text);



            int count = Convert.ToInt32(anc.ExecuteScalar());//throws input string was not in correct format exception.
            if (count == 0)
                {
                    string swa = "User Does Not Exist";
                    ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + swa + "');", true);
                    return;                      
                }
                else
                {
                 //
                    //if user name and password match goto homepage
                    {
                        Response.Redirect("~/Default.aspx");
                    }
                    else
                    {
                        string swa1 = "Invalid Login Credentials";
                        ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + swa1 + "');", true);
                    }

my table rows are both nvarchar. there is one other thing that is puzzling me, one user_name is admin and its corresponding password is also admin. suppose i enter any thing other than admin, it successfully gives me the error that user is not present. that time the "input string exception is not thrown"

any and all help is appreciated.

4

2 回答 2

2

The exception is happening because you are using ExecuteScalar--designed to return only a single value--and expecting that value to be an Int32 when it isn't. It seems your goal is to determine if the user is valid.

anc.CommandText = "select cast(count(1) as bit) from Logins where User_name = @usr";

then later, change int count = ... to bool isUserValid = (bool)anc.ExecuteScalar().

Using bool instead of int count is a bit more descriptive and maintainable. There's no use in retrieving the count if you don't intend to use the count for something.

于 2014-03-15T14:47:17.463 回答
1

I Suspect that you want to get the total Count of users with the given UserName. if you want to get the Count you need to follow the follwoing SELECT command Syntax:

SELECT COUNT(*) from [TableName] WHERE CNDITION;

SO you are missing Count(*) in your SELECT Statetement.

Replace This:

anc.CommandText = "Select * From Logins where User_name = @usr";

With This:

anc.CommandText = "Select count(*) From Logins where User_name = @usr";
于 2014-03-15T14:44:09.287 回答