未设置对象引用

时间:2018-11-20 18:51:55

标签: c# asp.net

public static Boolean ValidateUser(string struser, string strpass)
{
    // Establish connection information
    SqlConnection conn_string = new   SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["Data Source=137.145.169.3;Initial Catalog=SICI4266;Persist Security Info=True;User ID=SICI4266G3;Password=*******"].ConnectionString);
    // Establish SQL command
    SqlCommand sql_comm = new SqlCommand("SELECT count(userID) FROM HIEPA.HIEPA_USERS where UserName = @usuario and UserPassword = @contrasena ; ", conn_string);
    // Provide Parameter values
    sql_comm.Parameters.AddWithValue("@usuario", struser);
    sql_comm.Parameters.AddWithValue("@contrasena", strpass);
    // Open the connection
    conn_string.Open();
    // Execute the SQL command and assign the resulting value to an integer variable
    Int32 intUserCount = Convert.ToInt32(sql_comm.ExecuteScalar());
    // Close the connection
    conn_string.Close();
    // Evaluate the integer variable content; greater than cero is a valid combination
    if (intUserCount == 1)
    {
        return true;
    }
    else
    {
        return false;
    }
}

有人可以告诉我为什么提示此错误吗?

enter image description here

2 个答案:

答案 0 :(得分:1)

异常结果中红色突出显示的行中的该表达式为null

System.Configuration.ConfigurationManager.ConnectionStrings["Data Source=137.145.169.3;Initial Catalog=SICI4266;Persist Security Info=True;User ID=SICI4266G3;Password=*******"]

它为null,因为Connection[]属性需要字符串的 name ,而不是完整的字符串。它正在尝试在集合中查找字符串,没有找到那么长的大块文本,因此返回null

鉴于上述情况,您然后尝试引用.Connection引用的null字符串属性。好像您已经这样做:

null.ConnectionString;

要么更改该代码以使用web.config文件中列出的连接字符串的名称,要么由于您拥有完整的字符串,因此已经将该字符串直接提供给SqlConnection()构造函数。无论哪种方式,都应该清除该代码:

//comments should focus on "why", rather than "what"
public static Boolean ValidateUser(string struser, string strpass)
{
    using (var conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["conn string name"].ConnectionString))
    using (var sql_comm = new SqlCommand(""SELECT count(userID) FROM HIEPA.HIEPA_USERS where UserName = @usuario and UserPassword = @contrasena ; ", conn))
    {
        //Don't use AddWithValue(). It forces ADO.Net to guess about parameter types.
        //Use exact column types and lengths instead
        sql_comm.Parameters.Add("@usuario", SqlDbType.NVarChar, 50).Value = struser;
        //Dear God, please tell me you're not using a plain-text password? That's a HUGE mistake!
        sql_comm.Parameters.Add("@contrasena", SqlDbType.NVarChar, 180).Value = strpass;

        conn.Open();
        return (1 == (int)sql_comm.ExecuteScalar());
    }
}

答案 1 :(得分:0)

如果在web.config中具有此名称,则表示您的连接字符串名称为“默认”

<connectionStrings>
    <add name="Default" connectionString="Data Source=137.145.169.3;Initial Catalog=SICI4266;Persist Security Info=True;User ID=SICI4266G3;Password=*******" providerName="System.Data.SqlClient" />
<connectionStrings>

因此,在代码中添加连接字符串的正确方法是-

SqlConnection conn_string = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["Default"].ConnectionString);