System.NullReferenceException错误评价这个

本文介绍了System.NullReferenceException错误评价这个的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

你好家伙 此消息显示，我不知道如何处理 这里是代码

Hello guy this message shows up and i don't know what to do with here is the code

using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Data.SqlClient; using System.Configuration; public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { if (IsPostBack) { SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString); conn.Open(); string checkuser = "select count (*) from UsersData where UserName= '" + UserName.Text + "'"; SqlCommand com = new SqlCommand(checkuser, conn); int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); if (temp == 1) { Response.Write("User Already Exists"); } conn.Close(); } } protected void Submit_Click(object sender, EventArgs e) { try { Guid newGUDI = Guid.NewGuid(); SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["UsersConnectionString"].ConnectionString); conn.Open(); //line 35? string insertQuery = "insert into UsersData (ID, UserName, Password, CellPhone, DPT) values (@ID ,@Uname ,@Pass ,@Cell ,@DPT)"; SqlCommand com = new SqlCommand(insertQuery, conn); com.Parameters.AddWithValue("@ID", newGUDI.ToString()); com.Parameters.AddWithValue("@Uname", UserName.Text); com.Parameters.AddWithValue("@Pass", Password.Text); com.Parameters.AddWithValue("@DPT", DPT.SelectedItem.Text); com.ExecuteNonQuery(); Response.Redirect("UsersManger.aspx"); Response.Write("Registration SUCESSFULL"); conn.Close(); } catch (Exception ex) { Response.Write("Error:" + ex.ToString()); } } protected void DPT_SelectedIndexChanged(object sender, EventArgs e) { } }

谢谢。

thanks.

推荐答案

ExecuteScalar是执行查询，并返回查询返回的结果集中第一行的第一列。忽略其他列或行。 （MSDN）...如果没有找到记录则为null ... 所以...如果没有记录com.ExecuteScalar（）。ToString（）会给你一个空引用异常... 首先检查com.ExecuteScalar（）的结果！ ExecuteScalar is "Executes the query, and returns the first column of the first row in the result set returned by the query. Additional columns or rows are ignored." (MSDN)...or null if no records found... So...if no records com.ExecuteScalar().ToString() will give you a null reference exception... First check the result of com.ExecuteScalar()!

并添加彼得所说的，不要那样做！ 不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。 特别是对于一个网站，尤其是注册页面！否则，我可以访问您的网站，点击注册并删除您的数据库，而无需您知道我是谁或我可能在世界的哪个地方，只需输入用户名文本框...... And to add to what Peter says, don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. Particularly with a web site, and particularly with a sign up page! Otherwise, I can go to your site, click to sign up, and delete your database without you having any idea who the heck I am or where in the world I might be, just by typing in the "username" textbox...

您的代码不仅容易受到 SQL注入 [ ^ ]，你也用纯文本存储密码。 这是一个非常糟糕的主意。您应该只存储密码的盐渍哈希。 安全密码验证简单说明 [ ^ ] Salted Password Hashing - 正确行事 [ ^ ] Not only is your code vulnerable to SQL Injection[^], you're also storing passwords in plain text. That's a very bad idea. You should only ever store a salted hash of the password. Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^]