Parameter problems in SqlCommand

0

I am developing a service registry, the first screen is the one of login and I need to take the position of the user that logged in and indicate a form for it, my code is like this:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;  

namespace PesadaoFinal
{
    public partial class frmLogin : Form
    {

        SqlConnection conn = null;
        private string conexao = @"Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\Users\Breno\Documents\Visual Studio 2013\Projects\PesadaoFinal\PesadaoFinal\bd\pesadao_db.mdf;Integrated Security=True;Connect Timeout=30";
        private string consulta = string.Empty;

        public frmLogin()
        {
            InitializeComponent();
        }
        public void logar(){


            conn= new SqlConnection(conexao);

            try{
                string usuario, senha, cargo;

                usuario = txtUsu.Text;
                senha=txtSenha.Text;
                SqlDataReader verCargo = null;


                if(usuario==string.Empty && senha==string.Empty){

                    MessageBox.Show("Usuário e senha devem ser digitados!");
                }
                else if (usuario != null && senha != null)
                {
                    consulta = @"SELECT COUNT(cpf) FROM funcionarios WHERE login = @usuario AND senha = @senha";
                    SqlCommand novoLogin = new SqlCommand(consulta, conn);
                    novoLogin.Parameters.Add(@usuario, SqlDbType.VarChar).Value = usuario;
                    novoLogin.Parameters.Add(@senha, SqlDbType.VarChar).Value = senha;

                    conn.Open();


                    int rs = (int)novoLogin.ExecuteScalar();
                    if (rs > 0)
                    {
                        verCargo = novoLogin.ExecuteReader();
                        cargo = verCargo[7].ToString();
                        if (cargo == "funcionario")
                        {
                            formFunc novoForm = new formFunc();
                            this.Dispose();

                        } if (cargo == "diretor")
                        {
                            frmDiretor novoForm = new frmDiretor();
                            this.Dispose();

                        } if (cargo == "TI")
                        {
                            formTI novoForm = new formTI();
                            this.Dispose();


                        }
                        else
                        {
                            MessageBox.Show("Usuário ou Senha inválidos!");
                        }
                    }

                }


            }catch(SqlException erroBD){
                MessageBox.Show(erroBD +"Erro no banco");

            }


        }
        private void frmLogin_Load(object sender, EventArgs e)
        {


        }

        private void btnLogar_Click(object sender, EventArgs e)
        {
            logar();
        }
    }
}

and the error message you are giving is this:

    
asked by anonymous 20.12.2014 / 21:19

1 answer

1

Your problem is probably here:

novoLogin.Parameters.Add(@usuario, SqlDbType.VarChar).Value = usuario;
novoLogin.Parameters.Add(@senha, SqlDbType.VarChar).Value = senha;

You should use the double quotation marks:

novoLogin.Parameters.Add("@usuario", SqlDbType.VarChar).Value = usuario;
novoLogin.Parameters.Add("@senha", SqlDbType.VarChar).Value = senha;

The way you did it, you were passing the content of the variables usuario and senha as parameter names and not @usuario and @senha as you had defined. You can understand a little more of @ in that question What does the @ sign mean in @ C #? . p>

Looking at the continuation of your code, I believe you will have one more problem

int rs = (int)novoLogin.ExecuteScalar();
if (rs > 0)
{
    verCargo = novoLogin.ExecuteReader();
    cargo = verCargo[7].ToString(); \ <<--------- aqui

Select that you did in novoLogin only has one column, and you try to access column 7, you will probably have to adjust the CommandText of novoLogin to work.

Another point would be the fact that you are not displaying% created%:

frmDiretor novoForm = new frmDiretor();
novoForm.Show(); // ou dependendo de como você fizer novoForm.ShowDialog();
this.Dispose();

You could also use Form and some if instead of just else if to check charges.

    
22.12.2014 / 11:46