Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Exception "Invalid column name 'False' with SqlConnection

I'm getting an exception Invalid column name 'False' at the statement

reader = cmd.ExecuteReader(CommandBehavior.SingleRow);

I'm understanding that this may have something to do with SQL's boolean type being a "bit" and it not converting false to 0. How do you mitigate that, or is that the issue here?

    public override bool ValidateUser(string username, string password)
    {
        bool isValid = false;

        SqlConnection conn = new SqlConnection(connectionString);
        SqlCommand cmd = new SqlCommand("SELECT Password, IsApproved FROM Users" +
                " WHERE Email = @Email AND ApplicationName = @ApplicationName AND IsLockedOut = False", conn);

        cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 128).Value = username;
        cmd.Parameters.Add("@ApplicationName", SqlDbType.NVarChar, 255).Value = m_ApplicationName;

        SqlDataReader reader = null;
        bool isApproved = true;
        string pwd = "";

        try
        {
            conn.Open();

            reader = cmd.ExecuteReader(CommandBehavior.SingleRow);

            if (reader.HasRows)
            {
                reader.Read();
                pwd = reader.GetString(0);
                isApproved = reader.GetBoolean(1);
            }
            else
            {
                return false;
            }

            reader.Close();

            if (CheckPassword(password, pwd))
            {
                if (isApproved)
                {
                    isValid = true;

                    SqlCommand updateCmd = new SqlCommand("UPDATE Users SET LastLoginDate = @LastLoginDate" +
                                                            " WHERE Email = @Email AND ApplicationName = @ApplicationName", conn);

                    updateCmd.Parameters.Add("@LastLoginDate", SqlDbType.DateTime).Value = DateTime.Now;
                    updateCmd.Parameters.Add("@Email", SqlDbType.NVarChar, 255).Value = username;
                    updateCmd.Parameters.Add("@ApplicationName", SqlDbType.NVarChar, 255).Value = m_ApplicationName;

                    updateCmd.ExecuteNonQuery();
                }
            }
            else
            {
                conn.Close();

                UpdateFailureCount(username, "password");
            }
        }
like image 444
RyanJMcGowan Avatar asked Jun 03 '12 07:06

RyanJMcGowan


1 Answers

Use IsLockedOut =0 for checking for false.

IsLockedOut is a field with bit datatype that stores 0 for false and 1 for true.

So same is used in query/

If IsLockedOut is varchar field then Use IsLockedOut='False' while comparing string compare.

like image 74
Romil Kumar Jain Avatar answered Oct 06 '22 13:10

Romil Kumar Jain