Get started for free
Visual Studio Developer Center >
How can I make a register program in visual basic.net that stores the data in online database?

Answered How can I make a register program in visual basic.net that stores the data in online database?

  • Saturday, June 09, 2012 9:12 AM
     
      Has Code
    Sign In to Vote
    0

    My code is the following:

     Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        mysqlconnection = New MySqlConnection()
        mysqlconnection.ConnectionString = "server=db4free.net;Port=3306; user id=leo1234; password=password; database=database123e;"
        Try
            mysqlconnection.Open()
        Catch ex As MySql.Data.MySqlClient.MySqlException
 
            Select Case ex.Number
                Case 0
                    MessageBox.Show("Cannot connect to server. Contact administrator")
                Case 1045
                    MessageBox.Show("Invalid username/password, please try again")
                Case Else
                    MessageBox.Show("Connected to Server")
            End Select
        End Try
 
        Dim myadapter As New MySqlDataAdapter
        Dim sqlquary = "INSERT Into Users WHERE Username='" & UsernameTextBox.Text & "'And Password='" & PasswordTextBox.Text & "';"
        Dim command As New MySqlCommand
        command.Connection = mysqlconnection
        command.CommandText = sqlquary
        myadapter.SelectCommand = command
        Dim mydata As MySqlDataReader
        mydata = command.ExecuteReader
        If mydata.HasRows = 0 Then
            MsgBox("Error")
        Else
            Form1.Show()
            Me.Close()
        End If
 
    End Sub
End Class

    I don't have any errors on the password orr the database!!!I only have errors on the "sqlquary"

    Can you tell me how to do it???

     

All Replies

  • Saturday, June 09, 2012 1:39 PM
     
     Answered Has Code
    Sign In to Vote
    0

    I don't use MySQL but I seriously doubt your insert query's syntax is correct.  I'll assume you are actually trying to insert and not select (because your thread title includes the word "register").  To insert you should list the columns you are inserting into and then provide values in a set matching the order of those columns, like the top example in this link:  http://www.webdevelopersnotes.com/tutorials/sql/mysql_course_inserting_data_in_mysql_tables.php3

    So your insert should probably look like this:  

    Dim sqlquary = "INSERT INTO Users ([Username], [Password]) VALUES ('" & UsernameTextBox.Text & "','" & PasswordTextBox.Text & "');"

    However, you really should not be concatenating textbox values directly into your SQL statement because of the possiblity of sql injection.  What you have is an aggregious lapse in security and I highly recommen you look into using parameters - assuming MySQL allows for parameters.  Please consider this or suffer the fate of the school of little Bobby Tables:   http://xkcd.com/327/     :p
    • Edited by Dig-Boy Saturday, June 09, 2012 1:40 PM
    • Marked As Answer by Leo Leon Saturday, June 09, 2012 3:13 PM
    •  
     
  • Saturday, June 09, 2012 3:14 PM
     
     
    Sign In to Vote
    0
    Thank you very much!!!Your advise was really helpful!!!!!!!