Home > database >  Connecting to SQL Server and add user results in an error
Connecting to SQL Server and add user results in an error

Time:05-26

I try to write code in C# to connect to a SQL Server database so I can register an user account but I dont know why I get stuck at

con.Open();

I wrote server name correctly, I have tried with the User ID = sa; and Password = ..;, I tried without password and still nothing.

protected void Button1_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection("Data Source=DESKTOP-62V61RT/SQLEXPRESS; Initial Catalog =ShopOnlineDB; Integrated Security=False; User ID = sa; Password= ..;");
    con.Open();

    SqlCommand cmd = new SqlCommand("INSERT INTO User (FirstName, LastName, Email, Password) VALUES (@FirstName, @LastName, @Email, @Password)", con);
    cmd.Parameters.AddWithValue("@FirstName", TextBox1.Text);
    cmd.Parameters.AddWithValue("@LastName", TextBox2.Text);
    cmd.Parameters.AddWithValue("@Email", TextBox3.Text);
    cmd.Parameters.AddWithValue("@Password", TextBox4.Text);

    cmd.ExecuteNonQuery();
    con.Close();

    Label1.Text = "Registered with success !";
}

CodePudding user response:

Most likely just a little typo - use a backslash - not a forward slash - in your connection string:

protected void Button1_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection(@"Data Source=DESKTOP-62V61RT\SQLEXPRESS; Initial Catalog =ShopOnlineDB; Integrated Security=False; User ID = sa; Password= ..;");
    con.Open();

    SqlCommand cmd = new SqlCommand("INSERT INTO User (FirstName, LastName, Email, Password) VALUES (@FirstName, @LastName, @Email, @Password)", con);

    // use the .Add() method, and explicitly define the data type 
    // (and for strings - their max length) for your parameters!
    cmd.Parameters.Add("@FirstName", SqlDbType.VarChar, 50).Value =  TextBox1.Text;
    cmd.Parameters.Add("@LastName", SqlDbType.VarChar, 50).Value = TextBox2.Text;
    cmd.Parameters.Add("@Email", SqlDbType.VarChar, 255).Value = TextBox3.Text;
    cmd.Parameters.Add("@Password", SqlDbType.VarChar, 100).Value = TextBox4.Text;

    cmd.ExecuteNonQuery();
    con.Close();

    Label1.Text = "Registered successfully!";
}

Also - it's typically not a good idea to use the sa user - preferably use either built-in Windows authentication, or create a suitable application user - but don't use the sys admin account - you're just asking for security troubles ...

You should furthermore check out Can we stop using AddWithValue() already? and stop using .AddWithValue() - it can lead to unexpected and surprising results...

And last but not least - you should never ever store passwords in clear text in your database - you should ALWAYS (not exceptions!) hashed and salt your passwords, if you really must store them....

CodePudding user response:

Hello thanks very much for advice and i past the error. But now i have a new one :(. An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code

Additional information: Incorrect syntax near the keyword 'User'.

Page link:https//www.codepudding.com/database/420620.html

Prev:How to get contain letter in c# like in sql
Next:SQL Server Docker container immediately exiting
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding