我越来越对象引用不设置到对象的实例 [英] I am getting Object reference not set to an instance of an object

问题描述

我修改了code这一个，但现在我得到的另一个问题是不设置到对象的实例对象引用。错误的是：

 字符串密码= Pass.ExecuteScalar（）的ToString（）更换（，）。;
保护无效btn_login_Click（对象发件人，EventArgs的发送）
{
    康涅狄格州的SqlConnection =新的SqlConnection（
       ConfigurationManager中
      .ConnectionStrings [RegistrationCTIConnectionString]的ConnectionString）。
    conn.Open（）;
    从字符串checkuser =SELECT COUNT（*）[tblEmployee]
                                            其中userid ='+ txt_userID +';
    COM的SqlCommand =新的SqlCommand（checkuser，康涅狄格州）;
    INT TEMP = Convert.ToInt32（com.ExecuteScalar（）的ToString（））;
    conn.Close（）;
    如果（温度！= 1）
    {
        conn.Open（）;
        字符串checkPassword =选择密码[tblEmployee]
                                             其中userid ='+ txt_userID +';
        的SqlCommand通=新的SqlCommand（checkPassword，康涅狄格州）;
        。字符串密码= Pass.ExecuteScalar（）的ToString（）更换（，）;
        如果（密码== txt_password.Text）
        {
            会话[新] = txt_userID.Text;
            的Response.Write（密码是正确的。）;
            的Response.Redirect（〜/ Homepage.aspx）;
        }
    }
    其他
    {
        的Response.Write（登录不正确。）;
    }
}
 

解决方案

你最好不要做这样的事情...

  VAR密码= Pass.ExecuteScalar（）;如果（密码！= NULL）
    Password.ToString（）更换（，）;
 

通过调用的ToString（）或 .Replace（）等上的对象这可能是空，你会得到这个异​​常。

下面的行如果（温度！= 1），必须如（温度！= 0） ，因为你输入code块如果没有找到用户。在如果语句你的下一个SQL查询不会找到一个用户，如果previous结果是 0 。因此，密码将空，因此错误。

此外，作为一个侧面说明，以帮助prevent SQL注入 ：

 字符串checkPassword =从[tblEmployee]其中userid = @帐户密码;
的SqlCommand通=新的SqlCommand（checkPassword，康涅狄格州）;
Pass.Parameters.Add（新的SqlParameter（用户ID，txt_userID））;
 

I have change the code to this one but now i am getting another issue which is Object reference not set to an instance of an object. the error is:

string Password = Pass.ExecuteScalar().ToString().Replace(" ", "");


protected void btn_login_Click(object sender, EventArgs e)
{
    SqlConnection conn = new SqlConnection(
       ConfigurationManager
      .ConnectionStrings["RegistrationCTIConnectionString"].ConnectionString);
    conn.Open();
    string checkuser = "Select count(*) from [tblEmployee] 
                                            where UserID= '" + txt_userID + "'";
    SqlCommand com = new SqlCommand(checkuser, conn);
    int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
    conn.Close();
    if (temp != 1)
    {
        conn.Open();
        string checkPassword = "Select Password from [tblEmployee] 
                                             where UserID= '" + txt_userID + "'";
        SqlCommand Pass = new SqlCommand(checkPassword, conn);
        string Password = Pass.ExecuteScalar().ToString().Replace(" ", "");
        if (Password == txt_password.Text)
        {
            Session["New"] = txt_userID.Text;
            Response.Write("Password is correct.");
            Response.Redirect("~/Homepage.aspx");
        }
    }
    else
    {
        Response.Write("Login is incorrect.");
    }
}

解决方案

You're better off doing something like this...

var Password = Pass.ExecuteScalar();

if (Password != null)
    Password.ToString().Replace(" ", ""); 

By calling .ToString() or .Replace() etc on an object that could be null, you will get this exception.

The line here if (temp != 1), needs to be if (temp != 0), since you will enter that code-block if it doesn't locate a user. Your next SQL query in the IF statement will not find a user, if the previous result was 0. So, the Password will be null, hence the error.

Also, as a side note, to help prevent SQL Injection:

string checkPassword = "Select Password from [tblEmployee] where UserID=@UserId";
SqlCommand Pass = new SqlCommand(checkPassword, conn);
Pass.Parameters.Add(new SqlParameter("UserId", txt_userID));

这篇关于我越来越对象引用不设置到对象的实例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！