none
How can I make a register program in visual basic.net that stores the data in online database?

    Question

  • My code is the following:

     Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
            mysqlconnection = New MySqlConnection()
            mysqlconnection.ConnectionString = "server=db4free.net;Port=3306; user id=leo1234; password=password; database=database123e;"
            Try
                mysqlconnection.Open()
            Catch ex As MySql.Data.MySqlClient.MySqlException
     
                Select Case ex.Number
                    Case 0
                        MessageBox.Show("Cannot connect to server. Contact administrator")
                    Case 1045
                        MessageBox.Show("Invalid username/password, please try again")
                    Case Else
                        MessageBox.Show("Connected to Server")
                End Select
            End Try
     
            Dim myadapter As New MySqlDataAdapter
            Dim sqlquary = "INSERT Into Users WHERE Username='" & UsernameTextBox.Text & "'And Password='" & PasswordTextBox.Text & "';"
            Dim command As New MySqlCommand
            command.Connection = mysqlconnection
            command.CommandText = sqlquary
            myadapter.SelectCommand = command
            Dim mydata As MySqlDataReader
            mydata = command.ExecuteReader
            If mydata.HasRows = 0 Then
                MsgBox("Error")
            Else
                Form1.Show()
                Me.Close()
            End If
     
        End Sub
    End Class

    I don't have any errors on the password orr the database!!!I only have errors on the "sqlquary"

    Can you tell me how to do it???

    Saturday, June 09, 2012 9:12 AM

Answers

  • I don't use MySQL but I seriously doubt your insert query's syntax is correct.  I'll assume you are actually trying to insert and not select (because your thread title includes the word "register").  To insert you should list the columns you are inserting into and then provide values in a set matching the order of those columns, like the top example in this link:  http://www.webdevelopersnotes.com/tutorials/sql/mysql_course_inserting_data_in_mysql_tables.php3

    So your insert should probably look like this: 

    Dim sqlquary = "INSERT INTO Users ([Username], [Password]) VALUES ('" & UsernameTextBox.Text & "','" & PasswordTextBox.Text & "');"

    However, you really should not be concatenating textbox values directly into your SQL statement because of the possiblity of sql injection.  What you have is an aggregious lapse in security and I highly recommen you look into using parameters - assuming MySQL allows for parameters.  Please consider this or suffer the fate of the school of little Bobby Tables:   http://xkcd.com/327/     :p
    • Edited by Dig-Boy Saturday, June 09, 2012 1:40 PM
    • Marked as answer by Leo Leon Saturday, June 09, 2012 3:13 PM
    Saturday, June 09, 2012 1:39 PM

All replies

  • I don't use MySQL but I seriously doubt your insert query's syntax is correct.  I'll assume you are actually trying to insert and not select (because your thread title includes the word "register").  To insert you should list the columns you are inserting into and then provide values in a set matching the order of those columns, like the top example in this link:  http://www.webdevelopersnotes.com/tutorials/sql/mysql_course_inserting_data_in_mysql_tables.php3

    So your insert should probably look like this: 

    Dim sqlquary = "INSERT INTO Users ([Username], [Password]) VALUES ('" & UsernameTextBox.Text & "','" & PasswordTextBox.Text & "');"

    However, you really should not be concatenating textbox values directly into your SQL statement because of the possiblity of sql injection.  What you have is an aggregious lapse in security and I highly recommen you look into using parameters - assuming MySQL allows for parameters.  Please consider this or suffer the fate of the school of little Bobby Tables:   http://xkcd.com/327/     :p
    • Edited by Dig-Boy Saturday, June 09, 2012 1:40 PM
    • Marked as answer by Leo Leon Saturday, June 09, 2012 3:13 PM
    Saturday, June 09, 2012 1:39 PM
  • Thank you very much!!!Your advise was really helpful!!!!!!!
    Saturday, June 09, 2012 3:14 PM