Note: see comments re escaping User and Password.
The first thing we should consider here is: parameters. Right now, if the username/password contain a range of characters, very bad things can happen; so:
command.CommandText = "select * from DataData where [User]=@cn and [Password]=@pw";
command.Parameters.Add(new OleDbParameter("@cn", text_Username.Text));
command.Parameters.Add(new OleDbParameter("@pw", text_Password.Text));
The next problem is plain text passwords, but that’s a huge area — just… don’t ever store passwords as text… ever.
Now, I’m going to assume that the above doesn’t fix it; if so, you need to check how User and Password are defined in the database. The error message suggests that one of them isn’t very text-like.
There’s also a lot of using etc problems in this code which could lead to odd errors related to «open reader» etc; if possible, I strongly recommend a tool like Dapper, which will make it a lot easier to get this kind of code right. For example:
var userIds = connection.Query<string>(
"select [User] from DataData where [User]=@cn and [Password]=@pw",
new { cn = text_Username.Text, pw = text_Password.Text }).AsList();
switch(userIds.Count) {
case 0: // TODO: doesn't exist
case 1: // TODO: perfect
break;
default: // TODO: oops, multiple users
break;
}
- Remove From My Forums
-
Question
-
Following error occur on and off.(Not everytime but rarely occur)
System.AccessViolationException: 'Attempted to read or write protected memory. This is often an indication that other memory is corrupt.'
Here is the code snipet that error occur.
public void GetMessageCreateTimeInRemindHistory(List<DateTime> messagecreatetimelist) { string sret = ""; string SelectSQL = "SELECT patient_id, message_datetime, " + "direction, message_body FROM reminder_history " + "WHERE direction = 2 " + "AND (message_body = '1' OR UCase(message_body) = 'NO')"; using (OleDbConnection conn_CDMR = new OleDbConnection(ConnectionString_CDMR)) { messagecreatetimelist.Clear(); try { using (OleDbCommand command = new OleDbCommand(SelectSQL, conn_CDMR)) { conn_CDMR.Open(); OleDbDataReader reader = command.ExecuteReader(); <===== Error here! if (reader.HasRows) { while (reader.Read()) { if (DBNull.Value.Equals(reader.GetDateTime(1)) == false) { DateTime dt = new DateTime(); dt = Convert.ToDateTime(reader.GetDateTime(1)); messagecreatetimelist.Add(dt); } } } reader.Close(); conn_CDMR.Close(); sret = SelectSQL; } } catch (Exception e) { WriteLog("GetMessageCreateTimeInRemindHistory() failed."); } } return; }Error occur at OleDbDataReader reader = command.ExecuteReader();
Can anybody give me some advise?
-
Edited by
Sunday, March 1, 2020 4:58 AM
-
Edited by
Two possible problems: one is (as 0x01AA said) that the command is not connected to any database. The other is that you should have a space between «SELECT» and «*» in your SQL command — it’s not required, but it’s a good idea — particularly as «SELECT *» is considered a bad idea anyway. You should name your columns in the SELECT so that you only fetch the ones you need.
In addition, Commands and Connections are scarce resources, and it’s a good idea to use a using block to ensure they are closed and disposed as needed.
try { using (OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0; Data Source = C:UsersAhmed chDocumentsDatabase1.accdb;Persist Security Info = False;";)) { con.Open(); using (OleDbCommand cmd = new OleDbCommand("SELECT ProductName FROM Sheet2", con)) { using (OleDbDataReader reader = cmd.ExecuteReader()) { while (reader.Read()) { comboBox1.Items.Add(reader["ProductName"].ToString()); } } } } } catch(Exception ex) { MessageBox.Show("Error" + ex); }
private void btnLogin_Click(object sender, EventArgs e)
{
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "select * from Cafelist where Username = '" + txtUsn.Text + "' and Password = '" + txtPass.Text + "'";
OleDbDataReader reader = command.ExecuteReader();
int count = 0;
while (reader.Read())
{
count = count + 1;
}
if(count ==1)
{
MessageBox.Show("Username and password is correct");
}
else if (count > 1)
{
MessageBox.Show("Duplicate Found");
}
else
{
MessageBox.Show("Username/Password Incorrect");
}
connection.Close();
}
trying to use this code to pull usn and pass for login, and get this error, tried looking around for a solution but haven’t found any similar to my issue, i understand this is probably something really basic but please go easy as i’ve only been playing around with c# a couple weeks and this is my first attempt at using databases.
not trying to do any security features just trying to work out why when i enter text and click login this error appears, i have been following a youtube video try and self teach (as much as you can with this subject) however he doesn’t hit this error and i have googled myself into oblivion.
thanks in advance, anymore information required let me know as this is my first time posting.
asked Dec 7, 2018 at 11:14
11
You need to insert the parameters to be replaced on your query for your actual values, query and parameters are separated on the OleDbCommand, try replacing your cmd.CommandText like this
command.CommandText = "select * from Cafelist where Username = @UserName and Password = @UserPass";
Then you need to give the parameters to the cmd like this:
cmd.Parameters.AddRange(new OleDbParameter[]
{
new OleDbParameter("@UserName", txtUsn.Text),
new OleDbParameter("@UserPass", txtPass.Text),
...
});
answered Dec 7, 2018 at 12:43
Diego OsornioDiego Osornio
8051 gold badge10 silver badges20 bronze badges
1
- 1.7k
- 474
- 194.4k
when i use this code in my project in vs 2012 and my Database is Access it display an error in this line » OleDbDataReader reader = command.ExecuteReader();»
The error is : » The SELECT statement includes a reserved word or an argument name that is misspelled or missing, or the punctuation is incorrect.»
what should i do for solving this error ?
Thanks for any help
Davood
——————————
This is my code :
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.OleDb;
using System.Configuration;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
{
string connectionString, queryString;
connectionString = ConfigurationManager.ConnectionStrings[«ostanConnectionString»].ToString();
queryString = «SELECT FROM situation where state ='» + DropDownList1.SelectedValue + «‘»;
using (OleDbConnection connection = new OleDbConnection(connectionString))
{
OleDbCommand command = new OleDbCommand(queryString, connection);
connection.Open();
OleDbDataReader reader = command.ExecuteReader();
DropDownList2.Items.Clear();
while (reader.Read())
DropDownList2.Items.Add(reader[«city»].ToString());
reader.Close();
connection.Close();
}
}
}
Answers (2)
