2

Following is code:

 string checkuser = "select * from [User] where UserName='" + txtusername.Text + "'";
 SqlCommand com = new SqlCommand(checkuser, con);
 int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
 con.Close();
 if (temp == 1)

Problem:

Whenever I run the following code, it gives the error "Input string was not in a correct format."

2
  • 2
    It will be erroring on the Convert to int. This command will return all of the text in all of the fields. You are then trying to convert all of this text to an integer, which will fail. You could change the SQL query to use "select count(*) from..." instead and this should then work. Commented Apr 16, 2014 at 10:14
  • What are you intending to store in 'temp'? Commented Apr 16, 2014 at 10:19

3 Answers 3

3

Try with

string checkuser = "select count(*) from [User] where UserName=@UserName";

Your problem is that ExecuteScalar returns the first row, first column value of the result, and it can't be converted to an integer.

If you have a numeric column, for example age, do as below:

string checkuser = "select age from [User] where UserName=@UserName";

Your SQL statement is wide open to SQL injection attacks; you had better use parameters:

string sql= "select count(*) from [User] where UserName = @UserName";
using(SqlConnection con = new SqlConnection(conString))
using(SqlCommand cmd= new SqlCommand(sql, con))
{
   con.Open();
   cmd.Parameters.AddWithValue("@UserName", txtusername.Text);
   int temp = Convert.ToInt32(cmd.ExecuteScalar().ToString());
   if(temp == 1)
   {}
}

1

ExecuteScalar returns the first column of the first row of the result of your query. And it looks like your com.ExecuteScalar().ToString() is not a valid integer; that's why you get this error.

If you want to count your query, you need to use SELECT COUNT(*) instead of SELECT *.

And please use parameterized queries. This kind of string concatenation is open to SQL injection attacks.

Also use a using statement to dispose of your SqlConnection and SqlCommand, like:

using(SqlConnection con = new SqlConnection(strConnString))
using(SqlCommand com = con.CreateCommand())
{
   string checkuser = "select COUNT(*) from [User] where UserName = @user";
   com.CommandText = checkuser;
   com.Parameters.AddWithValue("@user", txtusername.Text);
   con.Open(); // the connection must be open before ExecuteScalar is called
   int temp = (int)com.ExecuteScalar(); // COUNT(*) comes back as a single int
   if(temp == 1)
   {
      ///
   }
}

You can also use ExecuteScalar to get the first row's value of a specific column by specifying the column in your query, like SELECT columnname from [User]...

0

You should return a scalar value. But in your query you are returning a result set, which is not compatible with the String type.

So, modify your query as follows:

string checkuser = "select count(*) from [User] where UserName='" + txtusername.Text + "'";

The above returns only a single value that can fit into a string.
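
Added example, not part of any answer on this page: a side-by-side run of the concatenated COUNT(*) query and the parameterized one, showing what the `temp == 1` check actually receives for each input. It uses Python's built-in sqlite3 as a stand-in for SqlCommand so it runs without a SQL Server; the table contents, function names and test inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the question's [User] table.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE [User] (UserName TEXT PRIMARY KEY, Age INTEGER)")
    con.executemany("INSERT INTO [User] VALUES (?, ?)",
                    [("alice", 30), ("bob", 41), ("o'brien", 27)])
    return con

def count_concatenated(con, user_name):
    # Same shape as the question's query: the input becomes part of the SQL
    # text, so a quote in it ends the string literal and the rest is parsed.
    sql = "SELECT COUNT(*) FROM [User] WHERE UserName='" + user_name + "'"
    return con.execute(sql).fetchone()[0]

def count_parameterized(con, user_name):
    # The SQL text is fixed; the value is bound separately and is only ever
    # compared as data. fetchone()[0] plays the role of ExecuteScalar().
    sql = "SELECT COUNT(*) FROM [User] WHERE UserName = ?"
    return con.execute(sql, (user_name,)).fetchone()[0]

def user_exists(con, user_name):
    # Equivalent of the page's `temp == 1` check, on the safe query.
    return count_parameterized(con, user_name) == 1

def compare(con, user_name):
    # Returns (concatenated result, parameterized result) for one input.
    try:
        concatenated = count_concatenated(con, user_name)
    except sqlite3.Error as exc:
        concatenated = "error: " + type(exc).__name__
    return concatenated, count_parameterized(con, user_name)

if __name__ == "__main__":
    con = make_db()
    # Constructed inputs: a normal name, an unknown name, a legitimate name
    # containing a quote, and a value that alters the WHERE clause.
    for name in ["alice", "nobody", "o'brien", "nobody' OR '1'='1"]:
        print(repr(name), compare(con, name))
```

With the concatenated query, a legitimate name containing a quote fails outright and the last input counts every row in the table; the parameterized query returns 1 and 0 respectively.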
