locked
why is the Username and Password not working RRS feed

  • Question

  • Hi, All

    Check the Code and Tell me where is the Error.

    thanks

    Imports System.Data.SqlClient
    Public Class loginform
        Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
            Dim con As New SqlConnection
            Dim com As New SqlCommand
            Dim dr As SqlDataReader
            Dim i As String
            i = Environment.MachineName.ToString

            Try


                If TextBox1.Text = "" And TextBox2.Text = "" Then
                    MsgBox("Please enter username and password")
                    TextBox1.Focus()
                ElseIf TextBox1.Text = "" Then
                    MsgBox("Please enter username")
                    TextBox1.Focus()
                ElseIf TextBox2.Text = "" Then
                    MsgBox("Please enter password")
                    TextBox2.Focus()
                Else
                    con.ConnectionString = "Data Source= " & i & "\SQLEXPRESS;Initial Catalog=school;Persist Security Info=True;User ID=Gms;Password=maghavaN"
                    con.Open()
                    com.Connection = con
                    com = New SqlCommand("select * from username  WHERE uname='" & TextBox1.Text & "' and pwd='" & TextBox2.Text & "'", con)
                    dr = com.ExecuteReader()
                    If dr.Read Then
                        Dim main As New Main
                        main.Show()
                        main.Label6.Text = TextBox1.Text
                        Me.Hide()
                    Else
                        MsgBox("Enter correct username and password")
                    End If
                    con.Close()
                End If
            Catch ex As Exception
                MsgBox("" & ex.Message)
            End Try

        End Sub
    End Class

    Wednesday, September 2, 2015 10:37 AM

Answers

  • If the application is connecting to a local instance of SQL Server (meaning the database is on the same machine as the running application, then you can simply use .\SQLINSTANCENAME instead of the machine name, which you are trying to do. Not to say using the machine name shouldn't work, but it is much easier to simply hard code your connection string as

    "Data Source=.\SQLEXPRESS;Initial Catalog=school;Persist Security Info=True;User ID=Gms;Password=maghavaN"

    If you can open SQL Management Studio and connect to .\SQLEXPRESS using those credentials, then we can be sure it is not a user name and password issue. There is also an assumption that you have a DB attached to the SQL Server instance called school.

    You also did not specify if your issue with user name and passwords not working is with the database credentials, or those provided by the user when logging in, so we need you to clarify that for us to be able to help you further.

    In addition, there are some bad coding issues here. For starters, I could erase your entire database by entering a partial SQL string into textbox1.text like 'x;DROP TABLE username'. This is called SQL Injection, and you should never write SQL statements this way. You should use SQL parameters to pass in variables to your SQL strings, because this will ensure that someone could not do such a thing.

    You also don't need to read from the datareader to see if you have rows, you can just check the .HasRows property to see if the query returned a row or not.


    Matt Kleinwaks - MSMVP MSDN Forums Moderator - www.zerosandtheone.com

    • Proposed as answer by Xavier Xie-MSFT Monday, September 14, 2015 5:48 AM
    • Marked as answer by Youjun Tang Tuesday, September 15, 2015 3:11 AM
    Wednesday, September 2, 2015 3:12 PM

All replies

  • What is the error that you recieved? please post its details here also.

    Fouad Roumieh


    Wednesday, September 2, 2015 11:38 AM
  • Hello,

    Any time you ask a question such as this one please include the exception message so others can assist you without asking you or this information in the first place.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my webpage under my profile but do not reply to forum questions.

    Microsoft Developer tools

    Wednesday, September 2, 2015 12:58 PM
  • If the application is connecting to a local instance of SQL Server (meaning the database is on the same machine as the running application, then you can simply use .\SQLINSTANCENAME instead of the machine name, which you are trying to do. Not to say using the machine name shouldn't work, but it is much easier to simply hard code your connection string as

    "Data Source=.\SQLEXPRESS;Initial Catalog=school;Persist Security Info=True;User ID=Gms;Password=maghavaN"

    If you can open SQL Management Studio and connect to .\SQLEXPRESS using those credentials, then we can be sure it is not a user name and password issue. There is also an assumption that you have a DB attached to the SQL Server instance called school.

    You also did not specify if your issue with user name and passwords not working is with the database credentials, or those provided by the user when logging in, so we need you to clarify that for us to be able to help you further.

    In addition, there are some bad coding issues here. For starters, I could erase your entire database by entering a partial SQL string into textbox1.text like 'x;DROP TABLE username'. This is called SQL Injection, and you should never write SQL statements this way. You should use SQL parameters to pass in variables to your SQL strings, because this will ensure that someone could not do such a thing.

    You also don't need to read from the datareader to see if you have rows, you can just check the .HasRows property to see if the query returned a row or not.


    Matt Kleinwaks - MSMVP MSDN Forums Moderator - www.zerosandtheone.com

    • Proposed as answer by Xavier Xie-MSFT Monday, September 14, 2015 5:48 AM
    • Marked as answer by Youjun Tang Tuesday, September 15, 2015 3:11 AM
    Wednesday, September 2, 2015 3:12 PM