none
VS.Net + Access Database, LOGIC Question! Need help badly! Please! RRS feed

  • Question

  • First of all, this is a website made using VS.Net, the database is Access.

     

    In my database, I have a Table called "User" where it lists the UserID, Email, Passwd, etc.

    I need to compare data from 2 textboxes that a user inputs to that of the table.

    I have been told that this can be done by forming an SQL to select the UserID of a particular record whereby the email and password saved in the User table match with that in the textboxes.

     

    *Please do not ask me to use parameters instead of concatenating string values. This work is for a school project, and our lecturer has already briefed us that we DO NOT need to use parameters. We would have to learn about that, but at a later date. For now that is not my question, and I really do not have the time to read up on parameters.*

     

    **My question is about where my logic is wrong.**

     

    I've tested the Select statement. There seems to be nothing wrong with it. I'm pretty sure its to do with the logic of the rest of the coding.

     

    With the following codes, even if I enter a correct Email & Password with regards to the table, it still states that I have entered incorrectly.

     

    Code Snippet

    Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click

    Dim objDbMgmt As New DbMgmt

    objDbMgmt.Connect()

    Dim strSqlCmd As String

    Dim objDataReader As OleDb.OleDbDataReader

    Dim strEmail, strPwd As String

    Dim intUserID As Integer

    strEmail = txtEmail.Text

    strPwd = txtPwd.Text

    intUserID = Session("UserID")

    strSqlCmd = "SELECT UserID " & _

    "FROM User WHERE Email = '" + strEmail + "' AND Passwd = '" + strPwd + "'"

    If intUserID <> 0 Then

    Session("UserID") = objDbMgmt.ExecuteScalar(strSqlCmd)

    Response.Redirect("Default.aspx")

    Else

    lblMsg.Text = "Incorrect E-mail and Password!"

    lblMsg.ForeColor = Color.Red

    End If

    End Sub

     

     

     

     

    Friday, August 10, 2007 11:55 AM

Answers

  • Change "if intUserId <> 0" to "if intUserId == 0", so that if you don't have the UserId stored in the session then it tries to get it from the database.

    If ExecuteScalar doesn't return a valid UserId then you show your error message, otherwise you write the userId to the Session and perform your redirect.

    I'd write it for you, but I'm a C# guy and besides I shouldn't really do your homework for you

    Sean
    Friday, August 10, 2007 2:54 PM

All replies

  •  

    You need put the object name into [], 'cause "User" is a system object name of Access.
    Friday, August 10, 2007 12:26 PM
  • Err, I've tried putting the User in [], it still doesnt work. Thanks for your suggestion but I dont think thats the problem.

     

    I'm quite certain its because theres something fundamentally wrong in the logic. I've stated in my first post what is the result I want, but I do not know how to go around doing it, my codes are me just "trying" to do it.

     

    I've tested the Select statement. There seems to be nothing wrong with it. I'm pretty sure its to do with the logic of the rest of the coding.

    Friday, August 10, 2007 1:15 PM
  •  

    Maybe you should print your commandtext first, so you can analyze whether it is correct or not.

    If you don't put "User" in [], you shall see a "From xxxxx" exception thrown.

    Friday, August 10, 2007 1:20 PM
  • I've tried it with the [User], the problem is still there. With or without the [] there are no exceptions or errors.

     

    Like I've said, it is a logic problem.

     

    Can someone who has experience in this area please point out the problem of the logic in my codes? I'm very sure someone out there can help, this is very basic stuff, but it's my first time working with this.

     

     

    Friday, August 10, 2007 1:35 PM
  • I should mention that I'm not a web-developer so I may be wrong, but I think I see the flaw.

    Your query is only executed if intUserID does not equal zero. I'm guessing that intUserID starts off as zero and therefore your query is never executed.

    Sean
    Friday, August 10, 2007 1:40 PM
  • Ok that sounds reasonable. Any idea how I might fix this?

    Friday, August 10, 2007 1:48 PM
  • The problem is that intUserID contains a value of zero. Did you check the value of Session("UserID") in debug? Where is this session variable set?

    Friday, August 10, 2007 1:49 PM
  • Urgh. Sorry but I really don't know how to check..

    1) How do i check the value Session("UserID") in debug.

    2) What do you mean by where is this session variable set?

     

    For (2) is this what u meant? If not, how do i set the session variable?

    Code Snippet

    Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click

    Dim objDbMgmt As New DbMgmt

    objDbMgmt.Connect()

    Dim strSqlCmd As String

    Dim objDataReader As OleDb.OleDbDataReader

    Dim strEmail, strPwd As String

    Dim intUserID As Integer

    strEmail = txtEmail.Text

    strPwd = txtPwd.Text

    intUserID = Session("UserID")

    strSqlCmd = "SELECT UserID " & _

    "FROM User WHERE Email = '" + strEmail + "' AND Passwd = '" + strPwd + "'"

    If intUserID <> 0 Then

    Session("UserID") = objDbMgmt.ExecuteScalar(strSqlCmd)

    Response.Redirect("Default.aspx")

    Else

    lblMsg.Text = "Incorrect E-mail and Password!"

    lblMsg.ForeColor = Color.Red

    End If

    End Sub

     

     

    Friday, August 10, 2007 2:04 PM
  • Somewhere in your code, perhaps another web page, you initialize the value of the session variable:

    Session("UserID") = somevalue

     

    What are you using the session variable for?

     

     

    Friday, August 10, 2007 2:39 PM
  • Change "if intUserId <> 0" to "if intUserId == 0", so that if you don't have the UserId stored in the session then it tries to get it from the database.

    If ExecuteScalar doesn't return a valid UserId then you show your error message, otherwise you write the userId to the Session and perform your redirect.

    I'd write it for you, but I'm a C# guy and besides I shouldn't really do your homework for you

    Sean
    Friday, August 10, 2007 2:54 PM
  •  

    Oh great idea, don't worry about it, I'm just worried about the logic. Since you've been so good to tell me the algorithm, I can work out the rest of the coding myself.

     

    Thanks alot! I will try it soon, and come back with my results, but it seems what you said totally makes sense.

     

    Thanks for everyone who replied! You guys are great!

     

    I'll post results after I've tried Smile

    Friday, August 10, 2007 3:25 PM
  • thanks guys for the reply! i've tried the suggestions and they work! thanks everyone

    Saturday, August 11, 2007 8:34 AM