Log in help

  • Question

  • Public Sub logInWorker()

            If log_id.Text = "" Then

                MsgBox("Please Enter ID", MsgBoxStyle.Information)
                log_id.Focus()

            ElseIf log_pw.Text = "" Then

                MsgBox("Please enter your password", MsgBoxStyle.Information)
                log_pw.Focus()


            Else

                ' get the id of the worker name
                getQuery = "SELECT registrationform.worker_id FROM registrationform WHERE registrationform.worker_password ='" & log_pw.Text & "' AND registrationform.worker_id ='" & log_id.Text & "'"
                getCommand = New MySqlCommand(getQuery, MySQLConnection)
                getReader = getCommand.ExecuteReader() ' <- IM GETTING ERROR HERE

                If getReader.Read = True Then

                    getID = (getReader.Item("worker_id").ToString)

                    MsgBox("Welcome!", MsgBoxStyle.Information)

                    getReader.Close()

                    getTimeButtons()

                    disableLogIn()

                Else

                    MsgBox("Incorrect fullname and/or password!", MsgBoxStyle.Information)
                    log_pw.Focus()

                End If

                getReader.Close()



            End If

        End Sub

    ---------------

    Help me please :( Thank you

    Monday, March 26, 2018 9:39 AM

All replies

  • Hello,

    Not knowing the error I would have you create two parameters for the command object instead of using string concatenation for the SELECT statement.

    Why use parameters?

    • Prevents SQL Injection
    • Handles (in this case) formatting of strings e.g. if there was an un-escaped apostrophe this would cause a syntax error.

    The following is done in SQL-Server but could just as easily be MySql outside of Visual Studio

    DECLARE @CompanyName AS NVARCHAR(MAX) = 'Joe company';
    SELECT CustomerIdentifier FROM Customers WHERE CompanyName = @CompanyName

    The above is valid while the following is invalid because of the embedded apostrophe

    DECLARE @CompanyName AS NVARCHAR(MAX) = 'Joe's company';
    SELECT CustomerIdentifier FROM Customers WHERE CompanyName = @CompanyName

    Using parameters in code we would end up with 

    DECLARE @CompanyName AS NVARCHAR(MAX) = 'Joe''s company';
    SELECT CustomerIdentifier FROM Customers WHERE CompanyName = @CompanyName

    Bottom line, use parameters, secondly always test outside of code (see my TechNet article).


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding questions on either.
    VB Forums - moderator

    Monday, March 26, 2018 2:28 PM
    Moderator
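
The two-parameter command suggested in the reply above, applied to the query from the question, as an added example that is not part of the original thread. The table and column names come from the question; the module name, the `FindWorkerId` function and the `connectionString` argument are hypothetical.

```vbnet
Imports MySql.Data.MySqlClient

Module LoginLookup

    ' Hypothetical helper: returns the worker_id for a matching id/password
    ' pair, or Nothing when no row matches.
    ' connectionString is an assumption; the thread does not show how the
    ' connection is configured.
    Public Function FindWorkerId(connectionString As String,
                                 workerId As String,
                                 workerPassword As String) As String

        ' The SQL text is a constant. User input is never concatenated into
        ' it, so a value such as O'Brien cannot break the statement or change
        ' its meaning; it is only ever compared as data.
        Const query As String =
            "SELECT worker_id FROM registrationform " &
            "WHERE worker_id = @id AND worker_password = @pw"

        ' Using blocks close the reader, command and connection even when
        ' ExecuteReader throws, so no reader is left open on the connection.
        Using connection As New MySqlConnection(connectionString)
            Using command As New MySqlCommand(query, connection)

                ' One parameter per user-supplied value.
                command.Parameters.AddWithValue("@id", workerId)
                command.Parameters.AddWithValue("@pw", workerPassword)

                ' ExecuteReader requires an open connection.
                connection.Open()

                Using reader As MySqlDataReader = command.ExecuteReader()
                    If reader.Read() Then
                        Return reader.Item("worker_id").ToString()
                    End If
                End Using
            End Using
        End Using

        Return Nothing
    End Function

End Module
```

In `logInWorker`, the `Else` branch would call `FindWorkerId(connectionString, log_id.Text, log_pw.Text)` and treat a `Nothing` result as a failed login.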
  • Hi Jin_djin,

    Please show your error message here first, or check whether the connection is open.

    You can also see the following link about using MySQL.

    https://dev.mysql.com/doc/dev/connector-net/6.10/html/M_MySql_Data_MySqlClient_MySqlCommand_ExecuteReader.htm

    Best Regards,

    Cherry


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, March 27, 2018 5:22 AM
    Moderator