Click here to Skip to main content
15,867,141 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
Please anyone can help me in this issue? I have a method like this:
C#
public DataTable login(string Username, string Password)
        {
            try
            {
                string sqlstr;
                sqlstr = "SELECT * FROM Login WHERE Username = '" + Username + "' AND Password = '" + Password + "' ";
                con = new SqlConnection(clsConnection.strconnection);
                con.Open();

                da = new SqlDataAdapter();
                da.SelectCommand = new SqlCommand();
                da.SelectCommand.CommandText = sqlstr;
                da.SelectCommand.Connection = con;
                da.SelectCommand.CommandType = System.Data.CommandType.Text;
                da.SelectCommand.ExecuteNonQuery();

                DataTable dt = new DataTable();
                da.Fill(dt);
                return dt;
                
            }
            catch (Exception ee)
            {
                MessageBox.Show(ee.Message);
            }


Once I run this method an error message appears as not all paths return a value.
My SQL database table is Login and like this:

Username varchar(25)
Password varchar(25)


That's it.

Please any one can tell me why this error message occurs.

Thanks in Advance.
Posted
Updated 17-Aug-11 0:49am
v2

in your catch add:
return null;
 
Share this answer
 
v2
Comments
Reiss 17-Aug-11 6:54am    
If you are going to do that, I would rather it went in a finally block - less chance of missing it during a refactoring exercise.
Simon Bang Terkildsen 17-Aug-11 7:02am    
I beleave the OP should to become comfortable with using try-catch before he looks into try-catch-finally or try-finally
ruzan hizar 17-Aug-11 7:01am    
Thanks a lot All my friends..
It works.
thanks once again...
while digimanus is completely correct except for a missing l, I feel you need a little explanation why.

C#
try
{
    // The try-block
}
catch(Exception e)
{
    // The catch-block
}


When code are executed in your try-block and then throws an exception then the rest of the code in the try-block are skipped (including a return statement) and then the code in the catch-block is executed, so if you do not have a return statement in or after the catch-block the compiler doesn't know what should be returned.

I'll try to give you an example, read my comments in the code:
C#
public DataTable login(string Username, string Password)
{
    try
    {
        string sqlstr; 
        sqlstr = "SELECT * FROM Login WHERE Username = '" + Username + "' AND Password = '" + Password + "' ";
        con = new SqlConnection(clsConnection.strconnection);
        con.Open();
 
        da = new SqlDataAdapter();
        da.SelectCommand = new SqlCommand();
        da.SelectCommand.CommandText = sqlstr;
        da.SelectCommand.Connection = con;
        da.SelectCommand.CommandType = System.Data.CommandType.Text;
        da.SelectCommand.ExecuteNonQuery(); // This throws an exception
 
        // Then these 3 lines are not executed
        DataTable dt = new DataTable();
        da.Fill(dt);
        return dt;
    }
    catch (Exception ee)
    {
        // This is executed
        MessageBox.Show(ee.Message);
        // So if you do not have a return statement here..
    }
    // ..or a return statement here, then the you can't compile, because 
    // the compiler doesn't know what value should be returned in the case that 
    // somthing in your try-block throws an exception.
}
 
Share this answer
 
Comments
Reiss 17-Aug-11 7:05am    
Good explanation.
Simon Bang Terkildsen 17-Aug-11 7:18am    
Thank you
ruzan hizar 17-Aug-11 7:05am    
Thanks for the Explanation ..
Thanks a lot
Simon Bang Terkildsen 17-Aug-11 7:18am    
Anytime my friend
Uday P.Singh 17-Aug-11 9:23am    
good one my 5!
Looks like you're storing the password as plain text in the database. If that's really the case, don't do so.

Instead use hashing for the password, store the hash to the database and compare the user input to the hash value.

For more info, look for example: http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.aspx[^].
 
Share this answer
 
Comments
Reiss 18-Aug-11 3:14am    
Very important tip - I shouldn't be surprised anymore, but I see this nearly everytime I work for a new customer.
Wendelius 18-Aug-11 11:14am    
Thanks :)
I would alter you code to be more like below as the code inside the try block should be as small as possible.

C#
public DataTable login(string Username, string Password)
{
  SqlConnection con = new SqlConnection(clsConnection.strconnection);

  DataTable dt = new DataTable();

  string sqlstr = "SELECT * FROM Login WHERE Username = '" + Username + "' AND Password = '" + Password + "' ";

  SqlDataAdapter da new SqlDataAdapter();
  da.SelectCommand = con.CreateCommand();
  da.SelectCommand.CommandText = sqlstr;
  da.SelectCommand.Connection = con;
  da.SelectCommand.CommandType = System.Data.CommandType.Text;
  
  try
  {
    con.Open();
 
    da.SelectCommand.ExecuteNonQuery();
 
    da.Fill(dt);
  }
  catch (Exception ee)
  {
    MessageBox.Show(ee.Message);
  }
  finally
  {
    con.Close();
  }

  return dt;
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900