|
Great. Thank you very much
|
|
|
|
|
Topic cont'd... of type 'System.Data.Odbc.OdbcException' occurred in system.data.dll
Additional Information : System error
First of all hello, this is my first post, great site here, seems like their a lot of knowledgable people. Anyway I am just beginning to learn C#. I am creating a program for where I work for employees to login with a username and password and after successfully logging in they can clock in and clock out.
I am working on the login page first, known as form1 in my project. When the user clicks the "Login" button(known as button1) I would like it to load the next form where the user will be able to clock in and clock out. All the usernames and passwords are on a Access table. They will not be able to create their own but just use the preset ones. I want the program to check if what the user entered in as the username and password match whats on the table and if it does not, then it will display an error.
Here is a little snip of my code and I will point out which line the error points to:
public void button1_Click(object sender, System.EventArgs e) <br />
{ <br />
OdbcDataReader myReader; <br />
string myConnString = "DSN=MS Access Database;DefaultDir=C:\\DOCUMENTS AND SETTINGS\\OWNER\\MY DOCUMENTS;DriverId=25;DBQ=C:\\DOCUMENTS AND SETTINGS\\OWNER\\MY DOCUMENTS\\login.mdb;MaxBufferSize=2048;FIL=MS Access;PageTimeout=5;UID=admin"; <br />
string mySelectQuery = "SELECT Username, Password FROM tblLogin WHERE Username = " + txtUserName.Text; <br />
OdbcConnection myConnection = new OdbcConnection(myConnString); <br />
OdbcCommand myCommand = new OdbcCommand(mySelectQuery,myConnection); <br />
myConnection.Open(); <br />
[CODE]myReader = myCommand.ExecuteReader();[/CODE] <br />
while(myReader.IsDBNull(0)) <br />
{ <br />
lblErrorUser.Visible=true; <br />
}
The error points to the myReader = myCommand.ExecuteReader() line.
It does open the connection fine but when I click the Login button the error above comes up. If I comment in that line(using //) and the while loop, the program runs fine, well doesnt do what I want it to do but when I click the Login button it opens form2.
I believe it has something to do with the myReader variable. I have declared it as OdbcDataReader myReader where I have all my functions declared. I just noticed that their is a blue squiggly under the myReader where its declared.
Also, just want to mention that before this 'system error' I was recieving the following error: Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
and it was still pointing at the myReader = myCommand.ExecuteReader(); I did not change anything and all of a sudden I was recieving the system error. It still points at the myReader variable though.
Help is greatly appreciated. Thanks!
|
|
|
|
|
The problem you're having is that Username is a string field, so you need to quote your field:
"SELECT Username, Password FROM tblLogin WHERE Username = '" + txtUIserName.Text + "'" BUT NEVER, EVER build SQL expressions using concatenation.
Sorry, but that isn't very smart at all. What if I pass "blah' AND 1=1; drop table tblLogin" from your TextBox ? Bye bye login table. It's even worse that you store passwords in plain text. I could, instead, select all those and impersonate any user on your system. Can you say "lawsuits"?
Read http://www.codeproject.com/script/comments/forums.asp?msg=932507&forumid=1649&XtraIDs=1649&searchkw=parameterized&sd=7%2F8%2F2004&ed=10%2F6%2F2004#xx932507xx[^] for other problems and more things I could do using your SQL concatenation code.
ALWAYS use parameterized queries. Read the link above for an example, or the OleDbParameter class documentation in the .NET Framework SDK.
Also, your expression is very insecure besides not using parameterized queries. Don't select the password as part of the result set. Send the password and use it in the WHERE clause like so:
SELECT COUNT(*) FROM tblLogin WHERE Username = ? AND Password = ? In fact, even that's bad. You should never store passwords in plain text. Hash them using a one-way algorithm like MD5 or SHA1, both of which are supported by the .NET Framework base class libraries (see the MD5 and SHA1 class). Hash the password before sending it to the database server (and I assume this is actually for an ASP.NET application, which belongs in the ASP.NET forum but I'll continue anyway) or across the wire, then compare that to the hash you store in the Password field (using the same query as above).
In fact, even that's insecure. It's subject to replay attacks where someone sniffs your password and while they might not be able to unhash or decrypt it (at least with a given amount of time and resources), they could simply capture the packets, play them back, and you've been 0wned. Instead, store a salt, send it to the client, hash your password + the salt value and send it back to the server.
You should really read many of the good security Patterns and Practices books regarding .NET at http://msdn.microsoft.com/patterns[^].
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
We have a requirement to run a .Net app from a VB6 app. This is no real problem as I'm not doing the VB6 side but is it possible to create a registry entry with the install path of the .Net app at the time of install?
I could populate the reg entry at run time no problem, but this would mean the app must be run once before being called externally.
Alternatively is it possible to run an app atuomatically after an install, so the reg entry can be completed at run time.
Any suggestions welcome, Thanks
|
|
|
|
|
This greatly depends on the setup technology you're using. If you're using an actually installation technology like Windows Installer, InstallShield setup, Wise setup, Nullsoft setup, or anything else then you can write a registry key with the path of the executable. If you're just doing XCOPY deployment (or otherwise dragging and dropping) then no.
You need to consult your installation builder documentation for this. This is not a C#-related question.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
I'm trying to create a custom control in a dll. The class is inherited from the System.Windows.Forms.Panel class. On this new class i place a couple of labels and another panel, but when i add this control on a windows form, i only see the outline of the control but nothing on it. I tried the same thing with the System.Windows.Forms.Usercontrol class and that worked fine, but the moment i inherit from the panel class the trouble starts.
Can anyone tell me what i'm doing wrong?
Thanks,
Reinier.
|
|
|
|
|
You may want to check the Z-Order of your controls
If your panel is in front of all the other controls, you will not see them.
Jon G
www.Gizmocoder.com
|
|
|
|
|
Thanks for the reply. I tried setting the z-order, but still nothing happens. Do you have some other advise?
Thanks.
|
|
|
|
|
Hi all, I am new to .NET and C# in general, so please pardon any stupid questions that I might ask, especially if the solution is glaringly obvious.
Ok, here goes:
I've been working through the visual studio walkthroughs to familiarize myself with the visual environment. Right now I am working on one where you create a dataset in xml that has three tables and their relationships and keys. The tables are customers, orders, and orderdetails. The walkthrough stops there. What I'm trying to do is display these tables in a DataGrid. I've created a sqlConnection, and some sqlDataAdapters. I am able to display the initial table - customers - in my DataGrid. My table is epandable, i.e. I can select a customer and it gives me the option of selecting the orders table. Now here is the problem: How do I populate the new table that appears?
I tried using the sqlDataAdapter.Fill(dataset) for each of the tables with the appropriate sqlDataAdapter for each table. Then I tried to use the DataGrid.Navigate, but that is uncharted territory for me and I am unsure how to continue. Any help is greatly appreciated.
|
|
|
|
|
In case anyone else is having the same problem, I figured it out. Of course it was simple. Instead of using the sqlDataAdapter.Fill(dataset) like in the previous walkthroughs, I had to use sqlDataAdapter.Fill(dataset, "tableName")
|
|
|
|
|
You can also set up the SqlDataAdapter.TableMappings so that "Table", "Table1", "Table2", etc. get mapped to your actual tables names. The generated table names are in the order of the tables in the result set if your expression, view, or stored proc were to return multiple result sets.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
Hi,
Please help me to find a solution for change the windows service logon account and password through code
Thanks in advance
Regards
Subin
|
|
|
|
|
If you want to do this at install time, use a ServiceInstaller and ServiceProcessInstaller which allow you to set the logon account when a service is installed using installutil.exe or the AssemblyInstaller in your own code.
If you want to do this at runtime, you'll need to P/Invoke ChangeServiceConfig like in the following example:
[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
static extern bool ChangeServiceControl(
IntPtr hService,
uint dwServiceType,
uint dwStartType,
uint dwErrorControl,
string lpBinaryPathName,
string lpLoadOrderGroup,
ref uint lpdwTagId,
string lpDependencies,
string lpServiceStartName,
string lpPassword,
string lpDisplayName
); To get the hService handle, you'll need to also P/Invoke OpenService or CreateService . The ServiceController does most of what you need but not in this case, so you're probably better off writing your own class to handle that. I would recommend using the dispose pattern to make sure that any handle you open using OpenService or CreateService is closed using CloseServiceHandle .
Read Service Functions[^] for more information.
You can also visit http://pinvoke.net[^] for many managed signatures for unmanaged functions.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
Hello,
Does exist on the codeproject website any article where a little pretty login function for PocketPC is developed??
thx
regards
pat
|
|
|
|
|
http://www.codeproject.com/info/search.asp[^]
...or use the search box right below the logo on every page on CodeProject.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles]
|
|
|
|
|
Hello,
Unfortunately i did not find a good sample so i develop a login-screen on my own. The course of the events in my application is the following: When the the user logs in some a new form is showed where some user specific information is displayed. The problem can i know in the new form which user with wich userid was logged in?? - Is this possible with taken over a parameter form the login-screen to the other form? if yes how does it work in mobile applications?
Regards
patrick
|
|
|
|
|
Unfortunately i did not find a good sample so i develop a login-screen on my own. The course of the events in my developed application is the following: When the the user logs in a new form is showed where some user specific information is displayed. The problem is how can i know in the new form which user with wich userid was logged in?? - Is this possible with taken over a parameter from the login-screen to the other form? if yes how does it work in mobile applications?
Regards
patrick
|
|
|
|
|
Hi,
The ONLY way I can find to change a bound datagrid's cursor look successfully is to subclass DataGrid and inside the OnMouseMove force the cursor. However, because of some black magic we are using to force row heights on a particular grid I am NOT allowed to subclass it.
Are there any other ways I can force the cursor? Our requirements insist on a 'hand' cursor for all our grids containing selectable items.
thanks,
Deanna
|
|
|
|
|
I am looking for an OLAP control. So far i found two ActiveX controls:
- DynamiCube
- ContourCube
I like the functionality of both controls, but the controls do not support the XP visual styles. Also i prefer a .NET component above the ActiveX controls.
Is such an OLAP control available?
|
|
|
|
|
Search OLAP in .NET section of www.componentsource.com. You will get two hits.
|
|
|
|
|
That's correct. Only these two are OLAP charts. What i need is an OLAP table with multiple dimensions on both the x and y axis.
|
|
|
|
|
Hi
I have simple class
[Serializable]<br />
public class Siren : IDataSourceItem<br />
{<br />
uint _id;<br />
string _Name;<br />
int _InventoryNumber;<br />
string _SirenType;<br />
string _LocationStreet;<br />
string _LocationNumber;<br />
string _Remark;<br />
DateTime _LastDiagnostic;<br />
DateTime _NextDiagnostics;<br />
.<br />
.<br />
.<br />
.<br />
.<br />
.<br />
}
and I have collection of classes of this type
[Serializable]<br />
public class SirenGroup : System.Collections.CollectionBase,IDataSourceItem<br />
{<br />
public SirenGroup(){}<br />
<br />
public int Add(Siren siren)<br />
{<br />
return this.InnerList.Add(siren);<br />
}<br />
<br />
public void Insert(int index,Siren siren)<br />
{<br />
InnerList.Insert(index,siren);<br />
}<br />
<br />
public void Remove(Siren siren)<br />
{<br />
InnerList.Remove(siren);<br />
}<br />
<br />
public new void RemoveAt(int index)<br />
{<br />
InnerList.RemoveAt(index);<br />
}<br />
.<br />
.<br />
.<br />
}
when I serialize this object evrything seems OK
BinaryFormatter binaryFormatter = new BinaryFormatter();<br />
System.IO.MemoryStream memoryStream = new System.IO.MemoryStream(100);<br />
<br />
<br />
try<br />
{<br />
binaryFormatter.Serialize(memoryStream,sirenGroup);<br />
}<br />
catch (System.IO.IOException exc)<br />
{<br />
Utilities.WriteLog.WriteError(exc);<br />
}
when I deserialize it
try<br />
{<br />
System.Type typeObjectType = typeof(Definitions.SirenGroup) ;<br />
if(typeObjectType.IsSerializable)<br />
object sirenGroup = <br />
System.Convert.ChangeType(binaryFormatter.Deserialize(memoryStream),typeObjectType);<br />
}<br />
catch (System.Runtime.Serialization.SerializationException exc)<br />
{<br />
Utilities.WriteLog.WriteError(exc);<br />
}
I get an error : stream ended before analysis was finished
Could anybody please tell me wat can produce this error.
Thank You
Salut!
|
|
|
|
|
If you're doing that all in one go you're going to have to set the MemoryStream's "Position" property back to zero before trying to deserialize.
Also, the use of ChangeType is not necessary as you should be able to cast it directly like so:
Definitions.Sirengroup sirenGroup = (Definitions.SirenGroup)binaryFormatter.Deserialize(memoryStream);
|
|
|
|
|
thank you very much. It was exactly the problem.
Salut!
|
|
|
|
|
Hi all,
I'm currently trying to use an xml-file as datasource for CrystalReports.
Works fine so far, but unfortunately Crystalreports displays the image, which is in the xml-file as base64String, as string.
Is there something like the Convert.FromBase64String() method in Crystalreports, so that my image is actually shown as an image?
Best Regards
Bernd
-------------------------------------------
The light at the end of the tunnel has been switched off temporarily due to budget problems...
|
|
|
|