Reputation: 3
How to solve this error in ASP.NET
I am beginner in asp.net and sql server. I have created a database in sql server 2014 with sql authentication.
Here is my code :
Registration.aspx.cs
public partial class Registration : System.Web.UI.Page
{
SqlConnection con = new SqlConnection(@"Data Source=DESKTOP-U9DUN78\SQLEXPRESS;Initial Catalog=LoginRegisterData;Persist Security Info=True;User ID=sa;Password=***********;Pooling=False");
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
con.Open();
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "insert into UserDetails values('" + TextBoxUsername.Text + "','" + TextBoxEmailid.Text+ "','" + TextBoxPassword.Text + "','" + TextBoxDate.Text + "','" + DropDownListCountry.SelectedItem + "')";
cmd.ExecuteNonQuery();
con.Close();
}
catch(Exception ee)
{
Response.Write(ee);
}
}
I want to store data into sql server database. The following snap is the error that I am getting :
Upvotes: 1
Views: 250
Answers (2)
Reputation: 1637
Tested on Sql Server 2008 R2. As @etoisarobot says, configure the server as above to accept both SQL and Windows authentication. Someone who is an administrator (hopefully you) then connects using Windows authentication. Run this script to change sa password - that way you know you have the right password. Run this script:
ALTER LOGIN [sa] WITH PASSWORD='PickAPassword', CHECK_POLICY=OFF
GO
ALTER LOGIN [sa] ENABLE
GO
Restart 'Sql Server' service to make changes take effect.
You should then be able to login as sa.
As others have stated, you should create a new login account other than sa with only the permissions they need eg datareader and datawriter. You don't want to give users permissions to change table structures etc.
Even more secure is to give only datareader permissions and grant execute on stored procedures. This link shows how: GRANT EXECUTE to all stored procedures.
You give up the ability use UPDATE, INSERT, DELETE statements and there is a bit of work to write stored procedures to do those updates. But you can then control how data is updated. You don't want users to be able to execute DELETE MyPreciousTable when they intended DELETE MyPreciousTable WHERE id = 123456789.
You can use GRANT and DENY commands as administrator to fine tune what outside users are allowed to do.
Upvotes: 1
Reputation: 7794
As others have said it is probably just a bad password. To make sure Sql Server authentication is enabled in SSMS right click on the instance, Select properties and make sure Sql Server and Windows Authentication is selected.
Also...
To create and test connections strings you can create a new text file and rename it to anything.udl. If you double click on it you'll be able to create and test connection strings for a few different connection types. If you save your changes and then open the file in notepad you will see the connection string in the format you need.
You should not be connecting to your db with sa as if you have a sql injection vulnerability (like you do) the damage that can be caused is much greater that if you have just a regular user.
Before you do anything else, please read up on sql injection as the code you have written is a text book example.
Upvotes: 1
Related Questions
- How do I remedy "The breakpoint will not currently be hit. No symbols have been loaded for this document." warning?
- How to add a column with a default value to an existing table in SQL Server?
- How to enumerate an enum?
- How do I cast int to enum in C#?
- How do I UPDATE from a SELECT in SQL Server?
- How to iterate over a dictionary?
- How do I generate a random integer in C#?