why is the Username and Password not working

Question
Hi, All
Check the code and tell me where the error is.
thanks
Imports System.Data.SqlClient
Public Class loginform
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim con As New SqlConnection
        Dim com As New SqlCommand
        Dim dr As SqlDataReader
        Dim i As String
        i = Environment.MachineName.ToString
        Try
            If TextBox1.Text = "" And TextBox2.Text = "" Then
                MsgBox("Please enter username and password")
                TextBox1.Focus()
            ElseIf TextBox1.Text = "" Then
                MsgBox("Please enter username")
                TextBox1.Focus()
            ElseIf TextBox2.Text = "" Then
                MsgBox("Please enter password")
                TextBox2.Focus()
            Else
                con.ConnectionString = "Data Source= " & i & "\SQLEXPRESS;Initial Catalog=school;Persist Security Info=True;User ID=Gms;Password=maghavaN"
                con.Open()
                com.Connection = con
                com = New SqlCommand("select * from username WHERE uname='" & TextBox1.Text & "' and pwd='" & TextBox2.Text & "'", con)
                dr = com.ExecuteReader()
                If dr.Read Then
                    Dim main As New Main
                    main.Show()
                    main.Label6.Text = TextBox1.Text
                    Me.Hide()
                Else
                    MsgBox("Enter correct username and password")
                End If
                con.Close()
            End If
        Catch ex As Exception
            MsgBox("" & ex.Message)
        End Try
    End Sub
End Class
Wednesday, September 2, 2015 10:37 AM
Answers
If the application is connecting to a local instance of SQL Server (meaning the database is on the same machine as the running application), then you can simply use .\SQLINSTANCENAME instead of the machine name, which you are trying to do. Not to say using the machine name shouldn't work, but it is much easier to simply hard code your connection string as
"Data Source=.\SQLEXPRESS;Initial Catalog=school;Persist Security Info=True;User ID=Gms;Password=maghavaN"
If you can open SQL Management Studio and connect to .\SQLEXPRESS using those credentials, then we can be sure it is not a user name and password issue. There is also an assumption that you have a DB attached to the SQL Server instance called school.
You also did not specify if your issue with user name and passwords not working is with the database credentials, or those provided by the user when logging in, so we need you to clarify that for us to be able to help you further.
In addition, there are some bad coding issues here. For starters, I could erase your entire database by entering a partial SQL string into textbox1.text like 'x;DROP TABLE username'. This is called SQL Injection, and you should never write SQL statements this way. You should use SQL parameters to pass in variables to your SQL strings, because this will ensure that someone could not do such a thing.
You also don't need to read from the datareader to see if you have rows, you can just check the .HasRows property to see if the query returned a row or not.
Matt Kleinwaks - MSMVP MSDN Forums Moderator - www.zerosandtheone.com
- Proposed as answer by Xavier Xie-MSFT Monday, September 14, 2015 5:48 AM
- Marked as answer by Youjun Tang Tuesday, September 15, 2015 3:11 AM
Wednesday, September 2, 2015 3:12 PM
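The parameterized form of the login query that the answer above recommends, combined with its .HasRows suggestion, as an added example that is not part of the original thread. The module and function names are hypothetical, the connection string is supplied by the caller, and the NVARCHAR(50) column types are an assumption about the username table.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

' Added example: names below are hypothetical, not from the thread.
Public Module LoginCheck

    ' Returns True when a row in the username table matches both values.
    ' connectionString is supplied by the caller (for example from app.config).
    Public Function CredentialsMatch(ByVal connectionString As String,
                                     ByVal userName As String,
                                     ByVal password As String) As Boolean

        ' The SQL text is a constant. User input is never concatenated into it,
        ' so input such as the 'x;DROP TABLE username' string mentioned in the
        ' answer is compared against the uname column as an ordinary value.
        Const sql As String =
            "SELECT uname FROM username WHERE uname = @uname AND pwd = @pwd"

        ' Using blocks close the reader, command and connection even when
        ' an exception is thrown, replacing the manual con.Close() call.
        Using con As New SqlConnection(connectionString)
            Using com As New SqlCommand(sql, con)
                ' Assumption: both columns are NVARCHAR(50). Declaring the type
                ' and size explicitly avoids type inference from the value.
                com.Parameters.Add("@uname", SqlDbType.NVarChar, 50).Value = userName
                com.Parameters.Add("@pwd", SqlDbType.NVarChar, 50).Value = password

                con.Open()
                Using dr As SqlDataReader = com.ExecuteReader()
                    ' HasRows reports whether the query returned any row,
                    ' without calling Read.
                    Return dr.HasRows
                End Using
            End Using
        End Using
    End Function

End Module
```

In the button handler, the Else branch would call CredentialsMatch with TextBox1.Text and TextBox2.Text and show the Main form only when it returns True.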
All replies
What is the error that you received? Please post its details here also.
Fouad Roumieh
- Edited by Fouad Roumieh Wednesday, September 2, 2015 11:39 AM
Wednesday, September 2, 2015 11:38 AM
Hello,
Any time you ask a question such as this one, please include the exception message so others can assist you without asking you for this information in the first place.
Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my webpage under my profile but do not reply to forum questions.
Wednesday, September 2, 2015 12:58 PM