Click here to Skip to main content
15,867,568 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more: , +
can anybody solve a issue that occurs every time when i loading crystal report, it is asking for logon information

What I have tried:

<pre>  private void button1_Click(object sender, EventArgs e)
        {
            if (TxtCustomer.Text == "" && TxtSONofrom.Text == "" && TxtSONoto.Text == "" && DTSODateFrom.Text != "" && DTSODateTO.Text != "")
            {
                if (MessageBox.Show("Do You Want to Print This Report?", "YESNO", MessageBoxButtons.YesNo) == DialogResult.Yes)
                {
                    BrownERP.ReportViewer cr = new BrownERP.ReportViewer();
                    cr.BringToFront();
                    cr.Show();
                    BrownERP.QuatationReport QTNREP = new BrownERP.QuatationReport();
                    SqlConnection con = new SqlConnection(connectionpath);
                    con.Open();
                    SqlCommand cmd = new SqlCommand("select * from Tbl_QTN where SODate between CONVERT(DATETIME,'" + DTSODateFrom.Text + "',103) and CONVERT(DATETIME,'" + DTSODateTO.Text + "',103) ", con);
                    SqlDataAdapter sda = new SqlDataAdapter(cmd);
                    DataSet ds = new DataSet();
                    sda.Fill(ds, "Tbl_QTN");
                    QTNREP.SetDataSource(ds);
                
                    cr.CRV.ReportSource = QTNREP;
                    cr.CRV.Refresh();
                    con.Close();

                }
                else
                {
                    this.Close();
                }
            }
        }
Posted
Updated 6-Jan-21 19:52pm
Comments
Mycroft Holmes 28-Nov-18 3:45am    
You used to be able to embed and /or pass credentials into the report or use a specific userid for all reports, we call them functional IDs.
Richard Deeming 28-Nov-18 10:35am    
SqlCommand cmd = new SqlCommand("select * from Tbl_QTN where SODate between CONVERT(DATETIME,'" + DTSODateFrom.Text + "',103) and CONVERT(DATETIME,'" + DTSODateTO.Text + "',103) ", con);


Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
Sherif Clemnt 29-Nov-18 3:39am    
i think u didn't understand my question my SQL quary is not a problem. every time i give print crystal report asking for logon information......
after logon report coming
Richard Deeming 29-Nov-18 7:01am    
Your code contains a critical security vulnerability. One so simple that a three-year-old child can exploit it[^].

Whether or not that's related to the problem you're describing, it's something you URGENTLY need to fix.

1 solution

You need to pass logon info dynamically in your code to avoid this issue. Agree with others, take a look at SQL Injection.
C# Crystal Reports Dynamic Logon parameters[^]
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900