Click here to Skip to main content
15,891,895 members
Search within:


How to solve this-the connectionstring property has not been initialized.
Please Sign up or sign in to vote.
1.00/5 (1 vote)
I am trying to code for login in asp.net web application form. using sql data base.
i am getting error this- "The ConnectionString property has not been initialized."
Here i get error dialogbox extension-
con = new SqlConnection(str);
           con.Open();
           str = "Select count(*) from admin where UserName='" + (TextBox1.Text) + "'
            and Password='" + (TextBox2.Text) + "' ";
           cmd = new SqlCommand(str, con);
           int temp = Convert.ToInt32(cmd.ExecuteScalar().ToString());
           SqlDataReader sdr = cmd.ExecuteReader();


the error pointer shows here-"con.open();"

And My web.config file is-<?xml version="1.0"?>

<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->

<configuration>
<connectionStrings>
<add name="NoveltySystemConnectionString" connectionString="Data Source=HOME-PC\SQLEXPRESS;Initial Catalog=NoveltySystem;Integrated Security=True;Pooling=False" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
</system.web>

</configuration>


Please anyone help me quick..Thankyou

What I have tried:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data.Sql;
using System.Configuration;
using System.Data;

namespace NovletyShop
{
    public partial class Login : System.Web.UI.Page
    {
        String str;
        SqlConnection con;
        SqlCommand cmd;
        
       
        protected void Page_Load(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection();
            var constring = ConfigurationManager.ConnectionStrings["NoveltySystemConnectionString"].ConnectionString;
           
            
        }

        protected void loginB_Click(object sender, EventArgs e)
        {

            con = new SqlConnection(str);
            con.Open();
            str = "Select count(*) from admin where UserName='" + (TextBox1.Text) + "' and Password='" + (TextBox2.Text) + "' ";
            cmd = new SqlCommand(str, con);
            int temp = Convert.ToInt32(cmd.ExecuteScalar().ToString());
            SqlDataReader sdr = cmd.ExecuteReader();
           
            con.Close();
            if (sdr.Read()) 
            {
                Session["User"] = TextBox1.Text;
                Response.Redirect("AdBooks.aspx");
            }
            else
            {
                Response.Write("<script>alert('Somting Wrong..');</script>");

            }
        }
    }
}
Posted
Updated 16-Jan-19 23:28pm
Add a Solution

3 solutions

In the load event you put the connecting string in "constring" but you use "str" when opening it, which is a string variable you haven't put anything in yet. Also you define constring in the load event so it isn't available outside of that event. Change the code to

namespace NovletyShop
{
    public partial class Login : System.Web.UI.Page
    {
        String str;
        String constring;
        SqlConnection con;
        SqlCommand cmd;
        
       
        protected void Page_Load(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection();
            constring = ConfigurationManager.ConnectionStrings["NoveltySystemConnectionString"].ConnectionString;
           
            
        }

        protected void loginB_Click(object sender, EventArgs e)
        {

            con = new SqlConnection(constring);
 
Share this answer
 
Posted
Check the actual string in the debugger: put a breakpoint on the line
con = new SqlConnection(str);
and look at exactly what str contains. At a guess, it's null or the empty string because the connection string read code hasn't been executed, or the web.config isn't what you think it is.
Either way, we can't check for you - it needs your code running to look at what is going on, and we can't do that for you - which means the debugger!

But don't do your code like that (particularly not in a web based system!)
Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

And never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
 
Share this answer
 
Posted
Comments
Member 14083059 17-Jan-19 3:35am    
Thank you sir giving your response @OriginalGriff
OriginalGriff 17-Jan-19 3:40am    
You're welcome!
Member 14083059 17-Jan-19 4:25am    
but my error not solve
Member 14083059 17-Jan-19 4:25am    
but my error not solve
OriginalGriff 17-Jan-19 4:38am    
That's because you didn't read what I said:

"Either way, we can't check for you - it needs your code running to look at what is going on, and we can't do that for you - which means the debugger!"

So use the debugger, and find out what is in the string. When you know that, you can start looking for why it's like that - but until you do, you know nothing except "something failed".
Fixing a problem like this needs your code running; it can't be fixed without that. And we can't run your code: we don't have most of it, we don't have access to your DB, or even your DB server!
So you need to do the "donkey work" - gather information and start working out why it's the way it is!
Well, in load event you are reading connection string from config in a local block variable constring , initialize your global variable str with connection sting.

partial class Login : System.Web.UI.Page
    {
        String str;
        SqlConnection con;
        SqlCommand cmd;        
       
        protected void Page_Load(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection();
            str = ConfigurationManager.ConnectionStrings["NoveltySystemConnectionString"].ConnectionString;
}
protected void loginB_Click(object sender, EventArgs e)
        {

            con = new SqlConnection(str);
            con.Open();            
        }
    }
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 17 Jan 2019
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900