bootle bootle - 3 months ago 18
Vb.net Question

asp.net registration page not working properly

I am creating a simple registration page and the error I get - I believe has to do with vb not being able to find the table I have created, yet I made it locally in vb.

Here is the error I get:


An exception of type 'System.Data.SqlClient.SqlException' occurred in
System.Data.dll but was not handled in user code

Additional information: Incorrect syntax near the keyword 'Table'.


Any help would be fantastic.

Below I have posted the code that I have down so far:

using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Net.Mail;

public partial class Register : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (IsPostBack)
{
SqlConnection conn =
new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
conn.Open();
string checkuser = userchecker();
SqlCommand com = new SqlCommand(checkuser, conn);
int temp = changehere(com);
conn.Close();
if (temp == 1)
{
Response.Write("User Already Exists");
}

}
}

private string userchecker()
{
return "select count(*) from Table where UserName='" + TextBoxUN.Text + "'";
}

private static int changehere(SqlCommand com)
{
return Convert.ToInt32(com.ExecuteScalar().ToString());
}

protected void Button1_Click(object sender, EventArgs e)
{
try
{
Guid NEWguid = Guid.NewGuid();

SqlConnection conn =
new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
conn.Open();
string insertQuery = "insert into Table (ID, UserName, Email, Password) values (@ID, @Uname , @email, @password)";
SqlCommand com = new SqlCommand(insertQuery, conn);
com.Parameters.AddWithValue("@ID", NEWguid.ToString());
com.Parameters.AddWithValue("@Uname", TextBoxUN.Text);
com.Parameters.AddWithValue("@email", TextBoxEmail.Text);
com.Parameters.AddWithValue("@password", TextBoxPass.Text);
com.ExecuteNonQuery();
Response.Redirect("manager.aspx");
Response.Write("Registration successful");
conn.Close();
}
catch (Exception)
{
Response.Write("Error:");
}
}

protected void TextBoxEmail_TextChanged(object sender, EventArgs e)
{

}
}

Answer

Try this:

private string userchecker()
{
    return "select count(*) from [Table] where UserName='" + TextBoxUN.Text + "'";
}

See the [] around Table, this is because Table is a reserved word in all SQL variants and you should escape it

Comments