
I have a Windows form that takes a username and password. It validates it against the database I have created that contains the correct usernames and passwords. So I have implemented code to verify whether the details entered are proper.

Here is my code:

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    Try
        myconnection = New SqlConnection("server=PARTH-PC\SQLEXPRESS;uid=sa;pwd=demo;database=fc")
        'you need to provide password for sql server
        myconnection.Open()
        TextBox1.Text = userid
        TextBox2.Text = password

        mycommand = New SqlCommand("select * from student where user id='" & TextBox1.Text & "' and password='" & TextBox2.Text & "')", myconnection)
    Catch ex As Exception
    Finally

    End Try

    Try
        If EOF(1) Then
            MessageBox.Show("Access Denied...Please enter correct password!")
            TextBox1.Text = ""
            TextBox2.Text = ""
            'txtUserName.SetFocus()
        Else
            Txt = "" & " " & UCase$(TextBox1.Text) & ""
            MsgBox("Welcome!!!" & Txt)
            Form2.Show()
        End If
    Catch ex As Exception

    End Try

    myconnection.Close()
End Sub
End Class

I am facing a problem in this code. It's not working fine. Can someone help me?

  • I can't see where you are executing the SqlCommand and evaluating the result :) Commented Oct 20, 2011 at 16:09
  • Yes, because I don't know how to check the result. My SQL query should return some value that I can check with a boolean variable or something. If it is true, say the user is authenticated. I know the logic but I am not able to write the code for it because I am new to database connectivity using SQL and VB. Can you help me? Commented Oct 20, 2011 at 16:13
  • Don't write SQL code like this, see en.wikipedia.org/wiki/SQL_injection Commented Oct 20, 2011 at 16:14

1 Answer

Without going into the many cons of your code and how you are going about authenticating your users, you could correct your code as follows:

myconnection.Open();
// C# concatenates strings with +, not &; the stray ")" at the end of the original query was a typo
mycommand = new SqlCommand("select * from student where user id='" + TextBox1.Text + "' and password='" + TextBox2.Text + "'", myconnection);
// ExecuteReader actually runs the query; the original code never executed the command
SqlDataReader reader = mycommand.ExecuteReader();
if (reader != null)
{
    // Read() returns true if at least one row matched the where clause
    if (reader.Read())
    {
        // You found your user. Do what you need to do here.
    }
    else
    {
        // You did not find your user. Do what you need to do here.
    }
}
else
{
    // Something went wrong. You did not find your user. Do what you need to do here.
}

NOTE: The code is in C#. It shouldn't be difficult to change it into its VB.NET equivalent.

4 Comments

Depending on the fields in your student table, reader.GetValue(0) should give your first field, reader.GetValue(1) your second, etc.
OK, so you mean reader.GetValue(0) will return the first field of my username column and the first field of my password column of the student table. Also, then how do I check if the value entered in the textboxes and the value returned by reader.GetValue() are the same? Can you tell me how to do this, because that's what I basically want to do.
@Parth_90: your where clause already filtered by the username and password entered in the textboxes. This means that if the if(reader.Read()){} block is executed, the user with that username and password exists. If the user did not exist, the else blocks are executed and you should probably throw an appropriate exception or handle it any way you deem fit.
You should also only store a hash of the password, not the password in clear text in the database. Using an MD5 hash is relatively straightforward. Check into the MD5 hash algorithm contained in the .NET Framework.
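The answer and the two comments about SQL injection and hashed passwords can be combined into one VB.NET login check. This is an added example, not the asker's or the answerer's code: it uses a parameterised query instead of string concatenation, and verifies a salted PBKDF2 hash (Rfc2898DeriveBytes, a slow salted hash, used here in place of the MD5 the comment mentions) instead of comparing clear-text passwords. It assumes the student table stores pwd_salt and pwd_hash columns (assumed names) rather than a clear-text password column.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

' Added example (not from the question or answer). Assumed schema:
'   student([user id] NVARCHAR(50), pwd_salt VARBINARY(16), pwd_hash VARBINARY(32))
' pwd_hash = PBKDF2(password, pwd_salt, Iterations) truncated to HashBytes bytes.
Public Class LoginCheck
    Private Const Iterations As Integer = 100000
    Private Const HashBytes As Integer = 32

    ' Derives the PBKDF2 (HMAC-SHA1) hash of a password with the given salt.
    ' Use this same function when creating the stored hash for a new user.
    Public Shared Function HashPassword(password As String, salt As Byte()) As Byte()
        Dim kdf As New Rfc2898DeriveBytes(password, salt, Iterations)
        Return kdf.GetBytes(HashBytes)
    End Function

    ' Compares two byte arrays without stopping at the first differing byte,
    ' so the comparison time does not reveal how much of the hash matched.
    Private Shared Function SlowEquals(a As Byte(), b As Byte()) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' Returns True only when the user exists and the password matches the stored hash.
    Public Shared Function IsValidLogin(connStr As String, userId As String, password As String) As Boolean
        Using conn As New SqlConnection(connStr)
            ' The user input is passed as a parameter, so it is never parsed as SQL text.
            Using cmd As New SqlCommand("SELECT pwd_salt, pwd_hash FROM student WHERE [user id] = @uid", conn)
                cmd.Parameters.Add("@uid", SqlDbType.NVarChar, 50).Value = userId
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    If Not reader.Read() Then Return False ' no such user
                    Dim salt As Byte() = CType(reader("pwd_salt"), Byte())
                    Dim stored As Byte() = CType(reader("pwd_hash"), Byte())
                    Return SlowEquals(stored, HashPassword(password, salt))
                End Using
            End Using
        End Using
    End Function
End Class
```

In Button1_Click this replaces the concatenated query and the EOF(1) check: call LoginCheck.IsValidLogin(connStr, TextBox1.Text, TextBox2.Text) and show Form2 only when it returns True.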
