This error showed up when I tried to login on my application...
My suspicion is that SqlDbType.VarChar ( it has an integer of 22 ) is not detected by Visual Basic or MySql Connector is bugged... But, what do you think of this?
The VarChar ID is not detected...
Here's the code to pressing the login button:
Private Sub loginMenu_Click_1(sender As Object, e As EventArgs) Handles loginMenu.Click
Dim val As Integer
If userTextBoxMenu.Text = "" Or passTextBoxMenu.Text = "" Then
MessageBox.Show("Please fill in username and password, please.")
Else
Try
sqlConn.Open()
sqlComm.CommandType = CommandType.Text
'sqlComm.CommandText = "SELECT * FROM admin_account WHERE username = '" & userTextBoxMenu.Text & "' AND password = '" & passTextBoxMenu.Text & "'"
sqlComm.CommandText = "SELECT * FROM admin_account WHERE username = #userN AND password = #passW;"
sqlAdap = New MySqlDataAdapter(sqlComm.CommandText, sqlConn)
sqlComm.Parameters.Add("#userN", SqlDbType.VarChar, 20)
sqlComm.Parameters("#userN").Value = userTextBoxMenu.Text
sqlComm.Parameters.Add("#passW", SqlDbType.VarChar, 20).Value = passTextBoxMenu.Text
sqlComm.Parameters("#passW").Value = passTextBoxMenu.Text
val = sqlAdap.Fill(dataTab)
sqlConn.Close()
If val = 1 Then
statusLabelMenu.Text = "Logged In"
sqlComm.Parameters.Clear()
ElseIf val = 0 Then
userTextBoxMenu.Text = ""
passTextBoxMenu.Text = ""
MessageBox.Show("Invalid username or password!")
sqlComm.Parameters.Clear()
ElseIf val > 1 Then
userTextBoxMenu.Text = ""
passTextBoxMenu.Text = ""
MessageBox.Show("WARNING! SQL injection attack detected. Authorities noted.")
sqlComm.Parameters.Clear()
End If
Catch ex As Exception
Console.WriteLine(ex.Message)
MessageBox.Show(ex.Message)
End Try
End If
End Sub
SqlDbType is for use with the SqlClient provider for SQL Server. Not surprisingly, the MySqlDbType enumeration is for use with the MySqlClient provider for MySQL.
Related
I was using vb.net and try to update the row of the sourcedata in the gridview which connected to the database.I'm using primary key id in the database.
Below is the related code,This is to generate the primary key ID:
Private Sub GetId()
Dim Id As Integer
Dim query As String
Dim nameid As Integer
query = "select Id from information.information order by Id Desc"
sqlConn.ConnectionString = "server =" + server + ";" + "user id=" + username + ";" _
+ "password=" + password + ";" + "database = " + database
sqlConn.Open()
sqlCmd = New MySqlCommand(query, sqlConn)
sqlRd = sqlCmd.ExecuteReader()
If (sqlRd.Read()) Then
nameid = Integer.Parse(sqlRd(0)) + 1
Id = nameid.ToString("00")
ElseIf (Convert.IsDBNull(sqlRd)) Then
Id = ("01")
Else
Id = ("01")
End If
sqlConn.Close()
txtId.Text = Id
End Sub
This is to update the rows:
Private Sub Editrow()
sqlConn.ConnectionString = "server =" + server + ";" + "user id=" + username + ";" _
+ "password=" + password + ";" + "database = " + database
sqlConn.Open()
sqlCmd.Connection = sqlConn
With sqlCmd
.CommandText = "Update information.information set Name=#Name,EmailAddress=#EmailAddress,PhoneNumber=#PhoneNumber,DOB=#DOB,Address=#Address where Id=#newId"
.CommandType = CommandType.Text
.Parameters.AddWithValue("#newId", txtId)
.Parameters.AddWithValue("#Name", txtName)
.Parameters.AddWithValue("#EmailAddress", txtEmailAddress)
.Parameters.AddWithValue("#PhoneNumber", txtPhoneNumber)
.Parameters.AddWithValue("#DOB", txtDob)
.Parameters.AddWithValue("#Address", txtAddress)
End With
sqlCmd.ExecuteNonQuery()
sqlConn.Close()
updateTable()
'clear txtbox values
txtId.Text = ""
txtName.Text = ""
txtEmailAddress.Text = ""
txtPhoneNumber.Text = ""
txtDob.Text = ""
txtAddress.Text = ""
End Sub
this is to get the rows:
Private Sub Getrow()
Try
txtId.Text = DataGridView1.SelectedRows(0).Cells(0).Value.ToString()
txtName.Text = DataGridView1.SelectedRows(0).Cells(1).Value
txtEmailAddress.Text = DataGridView1.SelectedRows(0).Cells(2).Value
txtPhoneNumber.Text = DataGridView1.SelectedRows(0).Cells(3).Value
txtDob.Text = DataGridView1.SelectedRows(0).Cells(4).Value
txtAddress.Text = DataGridView1.SelectedRows(0).Cells(5).Value
Catch ex As Exception
MessageBox.Show(ex.Message)
End Try
End Sub
And here is the error:
error message
here is my database setting:
database
I am making the following assumption: txtId, txtName, txtEmailAddress, etc. are textboxes on a form.
In your code you currently are passing the Textbox object. I think if you pass the Text property of your textbox (ie txtName.Text) instead it will fix your issue.
With sqlCmd
.CommandText = "Update information.information set Name=#Name,EmailAddress=#EmailAddress,PhoneNumber=#PhoneNumber,DOB=#DOB,Address=#Address where Id=#newId"
.CommandType = CommandType.Text
.Parameters.AddWithValue("#newId", txtId.Text)
.Parameters.AddWithValue("#Name", txtName.Text)
.Parameters.AddWithValue("#EmailAddress", txtEmailAddress.Text)
.Parameters.AddWithValue("#PhoneNumber", txtPhoneNumber.Text)
.Parameters.AddWithValue("#DOB", txtDob.Text)
.Parameters.AddWithValue("#Address", txtAddress.Text)
End With
Im new to visual basic and im currently working on a log in form linked to mysql...i have a code for the log in button but it only gives me an error.This is the code
Private Sub LogIn_btn_Click(sender As Object, e As EventArgs) Handles LogIn_btn.Click
dbconn = New MySqlConnection()
dbconn = New MySqlConnection("Data Source=localhost;user id=root;password=root;database=oeas") With {
.ConnectionString = "Data Source=localhost;user id=root;password=root;database=oeas"
}
sqlcmd = New MySqlCommand()
Try
dbconn.Open()
Const V As String = "select * From oeas.users where User_Name = '" & Pass_txtbx.Text&"' and Password ='" & UserN_txtbx.Text& "' "
query = V
sqlcmd = New MySqlCommand(query, dbconn)
dbrd = sqlcmd.ExecuteReader
Dim count As Integer
count = 0
While dbrd.Read
count = count + 1
End While
If count = 1 Then
MessageBox.Show("username and password are correct")
Profile_form.Show()
Me.Hide()
ElseIf count > 1 Then
MessageBox.Show("username and password are duplicate")
Else
MessageBox.Show("username and password are not correct")
End If
Catch ex As MySqlException
MsgBox("Connection Error: " & ex.Message.ToString)
End Try
End Sub
what might be wrong?
I've been searching for many references on this problem and I have nothing.. It's still have the same error, when i do login, then it will not having any problem, and after a while, the error will be shown so many times.
Call Koneksi()
Try
cmd = New Odbc.OdbcCommand("SELECT * FROM tb_user WHERE username = '" & txt_username.Text & "' AND password = '" & txt_password.Text & "'", conn)
rd = cmd.ExecuteReader
rd.Read()
If rd.HasRows = True Then
txt_akses.Text = rd!hak_akses
MsgBox("Welcome '" & rd!nama & "'", MsgBoxStyle.Exclamation, "Information")
MenuCustomer.txt_user.Text = rd!username
cmd = New Odbc.OdbcCommand("SELECT * FROM tb_permainan WHERE status = 1", conn)
rd = cmd.ExecuteReader
rd.Read()
If txt_akses.Text = "Customer" Then
If rd.HasRows = False Then
txt_username.Text = ""
txt_password.Text = ""
txt_akses.Text = ""
MenuCustomer.Show()
Else
MsgBox("Permainan sedang berlangsung. Mohon Untuk login sesaat lagi", MsgBoxStyle.Exclamation, "Information")
End If
Else
MenuStaff.Show()
End If
Else
txt_username.Text = ""
txt_password.Text = ""
txt_akses.Text = ""
txt_username.Select()
MsgBox("Username atau password salah", MsgBoxStyle.Exclamation, "Information")
End If
rd.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
And here is my module named koneksi
Imports System.Data.Odbc
Module CRUD
'Setting Koneksi
Public conn As OdbcConnection
Public cmd As OdbcCommand
Public ds As New DataSet
Public da As OdbcDataAdapter
Public rd As OdbcDataReader
Public dt As New DataTable
Public LokasiData As String
Public result As String
Sub Koneksi()
LokasiData = "Driver={MySQL ODBC 3.51 Driver};Database=db_bubble;server=192.168.1.14;uid=root"
conn = New OdbcConnection(LokasiData)
If conn.State = ConnectionState.Closed Then
conn.Open()
End If
End Sub
The DataReader.HasRows property check must precede the DataReader.Read() method, which should be enclosed in While loop because DataReader is forward-only stream (checking row availability immediately after ExecuteReader()). This example below is the correct way:
Try
cmd = New Odbc.OdbcCommand("SELECT * FROM tb_user WHERE username = #UserName AND password = #Password", conn)
cmd.Parameters.AddWithValue("#UserName", txt_username.Text)
cmd.Parameters.AddWithValue("#Password", txt_password.Text)
Using rd As OdbcDataReader = cmd.ExecuteReader()
If rd.HasRows = True Then
While rd.Read()
txt_akses.Text = rd!hak_akses
MsgBox("Welcome '" & rd!nama & "'", MsgBoxStyle.Exclamation, "Information")
MenuCustomer.txt_user.Text = rd!username
cmd2 = New Odbc.OdbcCommand("SELECT * FROM tb_permainan WHERE status = 1", conn)
Using rd2 As OdbcDataReader = cmd2.ExecuteReader()
If rd2.HasRows = True Then
While rd2.Read()
If txt_akses.Text = "Customer" Then
If rd.HasRows = False Then
txt_username.Text = ""
txt_password.Text = ""
txt_akses.Text = ""
MenuCustomer.Show()
Else
MsgBox("Game is in progress. Please login for a while", MsgBoxStyle.Exclamation, "Information")
End If
Else
MenuStaff.Show()
End If
End While
End If
End Using
End While
Else
txt_username.Text = ""
txt_password.Text = ""
txt_akses.Text = ""
txt_username.Select()
MsgBox("Incorrect username or password", MsgBoxStyle.Exclamation, "Information")
End If
End Using
Catch ex As Exception
MsgBox(ex.Message)
End Try
Note that you should use different DataReader instances for this case, because in current code the second DataReader assignment overwrites the first. Also use parameters inside query to prevent SQL injection attempt.
I have modified my code like this, and it still show error
Using rd As OdbcDataReader = cmd.ExecuteReader
If rd.HasRows = True Then
While rd.Read()
txt_akses.Text = rd!hak_akses
MsgBox("Welcome '" & rd!nama & "'", MsgBoxStyle.Exclamation, "Information")
MenuCustomer.txt_user.Text = rd!username
If txt_akses.Text = "Customer" Then
cmd2 = New OdbcCommand("SELECT * FROM tb_permainan WHERE status = 1", conn)
Using rd2 As OdbcDataReader = cmd2.ExecuteReader
If rd2.HasRows = True Then
MsgBox("Permainan sedang berlangsung. Mohon Untuk login sesaat lagi", MsgBoxStyle.Exclamation, "Information")
Else
While rd2.Read()
txt_username.Text = ""
txt_password.Text = ""
txt_akses.Text = ""
MenuCustomer.Show()
End While
End If
End Using
Else
MenuStaff.Show()
End If
End While
Else
txt_username.Text = ""
txt_password.Text = ""
txt_akses.Text = ""
txt_username.Select()
MsgBox("Username atau password salah", MsgBoxStyle.Exclamation, "Information")
End If
End Using
The error shown is looping..
Im trying to pull data from 2 different tables in one button click event. I've checked over everything and doesn't seem to be any typo's or anything but keep getting this error.
Below is my code for the button click event
Protected Sub btnFindRepair_Click(sender As Object, e As EventArgs) Handles btnFindRepair.Click
Dim connection As New SqlConnection("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\ITrepair.mdf;Integrated Security=True")
Dim command As New SqlCommand("SELECT * from Repair; SELECT * FROM Customer WHERE Tracking_Number = #Tracking_Number", connection)
command.Parameters.Add("#Tracking_Number", SqlDbType.Int).Value = txtTrackingNumber.Text
Dim adapter As New SqlDataAdapter(command)
Dim ds As System.Data.DataSet
Dim table As New DataTable()
adapter.Fill(table)
'Repair Details
DDLBookedInBy.SelectedItem.Text = ""
DDLDeviceType.SelectedItem.Text = ""
txtBookedInDate.Text = ""
txtDeviceName.Text = ""
DDLAccessories.SelectedItem.Text = ""
txtDevicePassword.Text = ""
DDLRepairType.Text = ""
txtTechnical.Text = ""
txtCompletedNotes.Text = ""
DDLRepairStatus.Text = ""
'Customer Details
txtFname.Text = ""
txtLname.Text = ""
txtContactNum.Text = ""
txtAltContactNum.Text = ""
txtAddress.Text = ""
If table.Rows.Count() > 0 Then
' return only 1 row
DDLBookedInBy.SelectedItem.Text = ds.tables(0).Rows(0)(2).ToString()
DDLDeviceType.SelectedItem.Text = ds.tables(0).Rows(0)(3).ToString()
txtBookedInDate.Text = ds.tables(0).Rows(0)(4).ToString()
txtDeviceName.Text = ds.tables(0).Rows(0)(5).ToString()
DDLAccessories.SelectedItem.Text = ds.tables(0).Rows(0)(6).ToString()
txtDevicePassword.Text = ds.tables(0).Rows(0)(7).ToString()
DDLRepairType.Text = ds.tables(0).Rows(0)(8).ToString()
txtTechnical.Text = ds.tables(0).Rows(0)(9).ToString()
txtCompletedNotes.Text = ds.tables(0).Rows(0)(10).ToString()
txtFname.Text = ds.tables(1).Rows(1)(4).ToString()
txtLname.Text = table.Rows(1)(5).ToString()
txtContactNum.Text = table.Rows(1)(6).ToString()
txtAltContactNum.Text = table.Rows(1)(7).ToString()
txtAddress.Text = table.Rows(1)(8).ToString()
Else
MsgBox("NO DATA found")
End If
End Sub
Replace all occurences of ds.tables(0) with table. You haven't initialized the DataSet ds but you don't need it anyway because you fill the DataTable tbl with adapter.Fill(table).
For example:
If table.Rows.Count > 0 Then
DDLBookedInBy.SelectedItem.Text = table.Rows(0)(2).ToString()
' .... '
If you want to fill the DataSet use:
Dim ds As System.Data.DataSet
Dim table As New DataTable()
ds = New DataSet()
adapter.Fill(ds)
If table.Rows.Count > 0 Then
DDLBookedInBy.SelectedItem.Text = ds.Tables(0).Rows(0)(2).ToString()
' .... '
txtFname.Text = ds.Tables(1).Rows(1)(4).ToString()
' ... '
In the above I want it to give me the value of "ID" of the "Username" associated with it.
Here is the command I tried
Dim Query2 = String.Format("SELECT ID FROM account WHERE character = " & UsernameTextBox.Text & " ")
Command = New MySqlCommand(Query2, mydbcon)
Dim idtest = reader.Read.ToString
MsgBox(idtest)
however it is returning "false" what am I doing wrong?
Here is the entire code that I am working on:
Try
mydbcon.Open()
Dim Query As String
Query = String.Format("SELECT * FROM account WHERE username = '{0}' AND password = '{1}'", Me.UsernameTextBox.Text.Trim(), Me.PasswordTextBox.Text.Trim())
Dim Command = New MySqlCommand(Query, mydbcon)
reader = Command.ExecuteReader
Dim count As Integer
count = 0
While reader.Read
count = count + 1
End While
If count = 1 Then
MessageBox.Show("Username and password are correct")
Query = String.Format("SELECT username AS ID FROM account WHERE character = " & UsernameTextBox.Text & " ")
Command = New MySqlCommand(Query, mydbcon)
My.Settings.LoginID = reader.Read
MsgBox(My.Settings.LoginID)
ElseIf count > 1 Then
MessageBox.Show("Username and password are duplicate")
Else
MessageBox.Show("Username and password are wrong")
End If
mydbcon.Close()
Catch ex As MySqlException
MessageBox.Show(ex.Message)
Finally
mydbcon.Dispose()
End Try
Use ID as alias (so select username AS anyNameYouWantToAssignToIt):
Dim Query2 = String.Format("SELECT username AS ID FROM account WHERE character = " & UsernameTextBox.Text & " ")