2

I have a hard time figuring out what is wrong about my code. The purpose is to take data from a registering form in ASP to my user data columns in my SQL database.

SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ConnectionString);        

try
{
    string cmd = "insert into UserLogin 
    values(@UserName,@Password)";

    SqlConnection cnn = new SqlConnection(cmd);
    SqlCommand cmd2 = new SqlCommand(cmd, cnn);
    cmd2.Parameters.AddWithValue("@UserName", UsernameBox.Text);
    cmd2.Parameters.AddWithValue("@Password", PasswordBox.Text);

    cnn.Open();
    cmd2.ExecuteNonQuery();
Improve this question
5
  • 1
    SqlCommand cmd2 = new SqlCommand(cmd, connection); Commented Apr 10, 2019 at 12:24
  • what is wrong about my code - What is wrong? Do you get any error? Commented Apr 10, 2019 at 12:27
  • 1
    I hope you're not storing passwords as plain text in the database? Commented Apr 10, 2019 at 12:36
  • Storing passwords as plain text is pretty much criminal negligence. Unless this is a school project you need to fix that immediately. Passwords should be salted and hashed. Also, AddWithValue has some pretty interesting nuances you need to careful of. blogs.msmvps.com/jcoehoorn/blog/2014/05/12/… Commented Apr 10, 2019 at 13:44
  • Yeah this is just a practice on how to do it, not a database that is used publicly. Commented Apr 11, 2019 at 12:16

2 Answers 2

Reset to default
2

You're using the connection string in the connection variable but the variable you're passing to SqlCommand is cnn which doesn't have a valid connection string associated with it.

I've cleaned up your code and made use of using block to ensure the correct manner of disposing the object. Please see below:

string connectionString = ConfigurationManager.ConnectionStrings["Connection"].ConnectionString;

using (var con = new SqlConnection(connectionString))
{
   string query = "insert into UserLogin values(@UserName, @Password)";
   using (var cmd = new SqlCommand(query, con))
   {
      cmd.Parameters.AddWithValue("@UserName", UsernameBox.Text);
      cmd.Parameters.AddWithValue("@Password", PasswordBox.Text);

      con.Open();
      cmd.ExecuteNonQuery();
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You have two SqlConnection variable and assigning wrong one in the SqlCommand. The working code will be:

SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ConnectionString);        

try
{
    string cmd = "insert into UserLogin values(@UserName, @Password)";

    SqlCommand cmd2 = new SqlCommand(cmd, connection);
    cmd2.Parameters.AddWithValue("@UserName", UsernameBox.Text);
    cmd2.Parameters.AddWithValue("@Password", PasswordBox.Text);

    cnn.Open();
    cmd2.ExecuteNonQuery();
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.