Sql command throwing null reference exception in asp dot net using c#

Question

My sql command is throwing null reference exception in asp dot net using c#

This is my code :

SqlConnection cn = new SqlConnection("server=.;database=online_blog;integrated security=true");
cn.Open();

SqlCommand cmd3 = new SqlCommand("UPDATE profiles SET fname = '" + TextBox5.Text + "', lname = '" + TextBox6.Text + "', logname = '" + TextBox7.Text + "', dob = '" + TextBox10.Text + "', highsc = '" + TextBox8.Text + "', coll = '" + TextBox9.Text + "', country = '" + TextBox11.Text + "', state = '" + TextBox12.Text + "', hometown = '" + TextBox13.Text + "', languages = '" + TextBox14.Text + "', aboutme = '" + TextBox15.Text + "', gender = '" + RadioButtonList1.SelectedValue + "', photo = '" + Session["photo"].ToString() + "' where logname = 'saraf' ", cn);


    try
    {
        cmd3.ExecuteNonQuery();
        Response.Write("       New Account Updated");
        Session["username"] = TextBox7.Text;
    }
    catch
    {
        Response.Write("\nerror occured");
    }
    cn.Close();

Session ["photo"] is initialised....so dont worry about that

The line in which i m creating the new SqlCommand is Throwing Exception

Answer 1

from your description of the line that is throwing, one of the UI elements is not initialized. Which one? Only you can find out - set a breakpoint and debug it. Hover over all the components until you find the null.

But that really is very bad code:

• mixing UI, data access, session and response all at once (separation of concerns)
• concatenation of user input is a massive security risk (SQL injection)
• no using statements for the connection/command (risk of pool saturation)
• crude error handling (that will stomp on any UI)
• the names... How about username.Text - do you see how that is clearer?