An object reference is required for the non-static field, method, or property 'System.Web.UI.Page.Session.get'
Asked Answered
W

3

5

I'm getting error like

An object reference is required for the non-static field, method, or property 'System.Web.UI.Page.Session.get'

Can you suggest me to recover from this problem in session.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.Services;
    using System.Configuration;
    using System.Data.SqlClient;
    using System.Web.SessionState;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    //Onclick Submit Button
    [WebMethod(EnableSession = true)]
    //[System.Web.Services.WebMethod(EnableSession = true)]
    public static string Login(string email, string password)
    {
        var con = new SqlConnection(ConfigurationManager.ConnectionStrings["blogConnString"].ConnectionString);
        con.Open();
        string res = "0";
        SqlDataReader reader;       
        string sql = "select uid,username from personal where email='" + email + "' and password='" + password + "'";
        SqlCommand cmd1 = new SqlCommand(sql, con);       
        reader = cmd1.ExecuteReader();
        while (reader.Read())
        {
            res = "1";
            Session["UID"] = reader["uid"].ToString();           //error line here
            Session["UNAME"] = reader["username"].ToString();    //error line here
         }
        return res;
        con.Close();
    }
}
Wally answered 12/3, 2014 at 9:38 Comment(1)
Please use parameterized queries. This kind of string concatenations are open for SQL Injection attacks. And use using statement to dispose your SqlConnection, SqlCommand and SqlDataReader.Coraleecoralie
H
6

Try this code and please be-ware of SQL Injection - to prevent it, use a Parametrized Query as follows:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Services;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.SessionState;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    //Onclick Submit Button
    [WebMethod(EnableSession = true)]
    //[System.Web.Services.WebMethod(EnableSession = true)]
    public static string Login(string email, string password)
    {
        var con = ConfigurationManager.ConnectionStrings["blogConnString"].ConnectionString;
        con.Open();
        string res = "0";
        SqlDataReader reader;       
        string sql = "select uid,username from personal where email=@Email and password=@Password";
        using(SqlConnection connection = new SqlConnection(con))
        {
            SqlCommand command = new SqlCommand(commandText, connection);
            command.Parameters.Add("@Email", SqlDbType.String);
            command.Parameters["@Email"].Value = email;

            command.Parameters.AddWithValue("@Password", password);       
            reader = command.ExecuteReader();
            while (reader.Read())
            {
               res = "1";
               HttpContext.Current.Session["UID"] = reader["uid"].ToString();           //Either Remove Static from Method Declaration or use HttpContext.Current along with session.
               HttpContext.Current.Session["UNAME"] = reader["username"].ToString();
            }
        }
        return res;
        con.Close();
    }
}
Himes answered 12/3, 2014 at 9:55 Comment(0)
I
5

Don't make your method static. It doesn't need to be static and it prevents you from using any non-static properties (like Session). Make it:

public string Login(string email, string password)
{
    ....
}

Also, don't concatenate SQL queries, especially with the values that come from the UI. This leaves you vulnerable to SQL injection. Use SQLParameters.

Indic answered 12/3, 2014 at 9:50 Comment(0)
M
0

can you use it for insert a variable to the session :

HttpContext.Current.Session["UID"] = reader["uid"].ToString();

and don't use static

public string Login(string email, string password)
{
}
Meso answered 12/3, 2014 at 9:52 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.