c# - I am stuck on an asp.net login form -
i have created asp.net login form. problem want check if username exists in sql database, can't connect database. error message is:
conversion failed when converting varchar value 'system.web.ui.webcontrols.textbox' info type int.
this code :
protected void page_load(object sender, eventargs e) { lblmessage.visible = false; if (!ispostback) { lblsec.text = userutility.generatesecurity(); } } protected void registerbutton_click(object sender, eventargs e) { if (txtusername.text =="" || txtpassword.text=="" || textbox2.text ==""|| sec_code.text == "" ) { lblmessage.text = "لطفا فیلد هارا پر کنید"; lblmessage.visible = true; } else if (!regex.ismatch(txtusername.text,@"^[a-za-z]{5,50}$")) { lblmessage.text = "نام کاربری باید حداقل 5 کاراکتر و از کاراکتر های مجاز استفاده شود"; lblmessage.visible = true; } else if (!regex.ismatch(txtmail.text, @"\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*")) { lblmessage.text = "ایمیل وارد شده معتبر نمی باشد"; lblmessage.visible = true; } else if (txtpassword.text != textbox2.text) { lblmessage.text = "کلمه عبور شما تطابق ندارد"; lblmessage.visible = true; } else if (userutility.user_login_exist(txtusername.text)) { lblmessage.text = "این نام کاربری موجود میباشد"; lblmessage.visible = true; } else if (convert.toint16(sec_code.text) != convert.toint16(session["sec_code"].tostring())) { lblmessage.text = "عبارت امنیتی صحیح نمی باشد"; lblsec.text = userutility.generatesecurity(); lblmessage.visible = true; } else { sqlconnection cnn = new sqlconnection("data source=.;initial catalog=englishdb;integrated security=true"); sqlcommand cmd = new sqlcommand(); cmd.connection=cnn; string sql = @"insert pupil (username,firstname,lastname,age,major,city,country,password,email,cellphone)"; sql += " values('{0}','{1}','{2}','{3}','{4}','{5}','{6}','{7}','{8}','{9}')"; sql = string.format(sql, txtusername, txtlastname, txtlastname, txtage, txtmajor, txtcity, txtcountry, txtpassword, txtmail, txtcellphone); cnn.open(); cmd.commandtext = sql; cmd.executenonquery(); cnn.close(); } }
you have not mentioned .text property textboxes in sql query. instead mentioning command names.
string.format(sql, txtusername.text ... better approach utilize parameterized query instead.
using( sqlconnection cnn = new sqlconnection("data source=.;initial catalog=englishdb;integrated security=true")) { cnn.open(); sqlcommand cmd = new sqlcommand(); cmd.connection=cnn; string sql = @"insert pupil (username,firstname,lastname,age,major,city,country,password,email,cellphone)"; sql += " values(@username,@firstname,@lastname,@age,@major,@city,@country,@password,@email,@cellphone)"; cmd.commandtext = sql; cmd.parameters.addwithvalue(@username, txtusername.text); cmd.parameters.addwithvalue(@firstname, txtfirstname.text); cmd.parameters.addwithvalue(@lastname, txtlastname.text); cmd.parameters.addwithvalue(@age, txtage.text); cmd.parameters.addwithvalue(@major, txtmajor.text); cmd.parameters.addwithvalue(@city, txtcity.text); cmd.parameters.addwithvalue(@country, txtcountry.text); cmd.parameters.addwithvalue(@password, txtpassword.text); cmd.parameters.addwithvalue(@email, txtmail.text); cmd.parameters.addwithvalue(@cellphone, txtcellphone.text); cmd.executenonquery(); } it seems giving value int in single quote well. sqlcommand parameters should solve problems here.
c# asp.net
No comments:
Post a Comment