Compare data from SQL select to variables on form 1

cdck

Programmer
Nov 25, 2003
281
US
I have a simple form for login to an application which needs to pull a user's information from a database based on variables set on the form and verify that the data matches. I've worked extensively in both VBA and VBscript in the past, and am having trouble making the transition to Visual Basic. I also appear to be using the wrong search terms to find solutions to my problems.

Below is my code. There are two points where Visual Studio is identifying errors for me. Can anyone help me to figure out the correct way to code this?
[tt]
Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click

    Dim UserName As String, Password As String
    UserName = Me.txtUsername.Text
    Password = Me.txtPassword.Text

    Dim constr As String
    constr = My.Settings.M2MAydinOtherConnectionString

    Dim SQLselect As String
    SQLselect = "SELECT Password FROM vwUserDBaccess WHERE UserName = " & UserName & " AND DBid = 46"

    Dim ds As DataSet
    Dim da As System.Data.SqlClient.SqlDataAdapter
    Dim con As System.Data.SqlClient.SqlConnection

    con = New System.Data.SqlClient.SqlConnection(constr)
    da = New System.Data.SqlClient.SqlDataAdapter(SQLselect, con)
    ds = New System.Data.DataSet()

    da.Fill(ds)

    If IsNull(ds) = True Then
        MsgBox("The username is not found in the system. Please try again or contact IT for assistance.", MsgBoxStyle.OkOnly, "Login Failed.")
    ElseIf Password <> ds(Password) Then
        MsgBox("The password does not match the one in the system for User " & UserName & ". Please contact IT for assistance.")
    Else
        QCmaster.MdiParent = QualityControl
        QCmaster.Show()
        Me.Close()
    End If
End Sub
[/tt]

I have underlined the errors above.

In the first case, I am attempting to determine if there is actually no record at all matching the criteria. Visual Studio sees IsNull as a variable which should be declared - obviously the IsNull function is not a part of Visual Basic, but I cannot find a comparable process.

In the second case, I am attempting to verify that the record pulled has a password matching what the user entered. Visual Studio informs me that the "Class 'System.Data.DataSet' cannot be indexed because it has no default property." I have no idea how to perform logic on data pulled through the SQL Select statement.

Cheryl dc Kern
 
First of all,
a dataset is similar to a database that resides in memory.
A datatable is similar to a table in a database.

Code:
Dim str As String = "myPassword"

If you want to check if a string is empty you can do the following:

Code:
If str.Trim.Length = 0 Then

End If

or

Code:
If str.Trim = "" Then

End If

or, if the data is from a database, then use

Code:
If IsDBNull(str) Then

End If

To check a value from a field (item) of a datatable inside a dataset, use something like

Code:
Dim ds As New DataSet
ds.Tables.Add("tbl")
' Rows(0) assumes "tbl" has been filled and holds at least one row
If str = ds.Tables("tbl").Rows(0).Item(0) Then

End If

Dig MSDN for more...

By the way, to retrieve a value from the db, the best way is to use the "ExecuteScalar" method.

Zameer Abdulla
 
Couple of things you should check into:

1. Parameterized SQL.
2. SQL injection attacks.

Use this as your password:

'';drop table vwUserDBaccess --

I know the name of the table from your code but the point is you are opening up a big hole to your databases.
 
Use this as your password:'';drop table vwUserDBaccess --

I meant UserName
 
First, I should apologize, the IsNull effort above came after I attempted "If ds.EOF AND ds.BOF Then"; I was pretty sure before I tried IsNull that it wouldn't work, because a non-existent dataset is not the same as a null string.

ZmrAbdulla: Thanks for giving me a good path to work down. Like I mentioned above, a big part of the struggle is that the terms you can use to successfully search for VBscript and VBA solutions don't work when searching for Visual Basic.

TysonLPrice: Thank you for giving me that "Parameterized SQL" term to search for. It looks a lot easier than the long series of replace functions I've had to use in the past to clean up user-input variables before using them in SQL - I hadn't even started building them yet. This application is not a web application, and all comparisons are being built against views rather than tables, but I do still intend to protect against injection.

Thank you both, I am digging into these materials now.

Cheryl dc Kern
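
The two suggestions made in the replies (ExecuteScalar and parameterized SQL), combined in one login check as an added example that is not code from the thread. The names LoginCheck, LoginResult and CheckLogin and the NVarChar(128) parameter type are assumptions; the view, columns and DBid value are taken from the original post, and the direct comparison against the Password column is kept as posted.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

' Added example: LoginResult, LoginCheck and CheckLogin are hypothetical names.
Public Enum LoginResult
    Ok
    UnknownUser
    WrongPassword
End Enum

Public Module LoginCheck
    Public Function CheckLogin(ByVal constr As String, _
                               ByVal userName As String, _
                               ByVal password As String) As LoginResult
        ' @UserName is a placeholder. Its value travels to SQL Server as data,
        ' separate from the statement text, so quotes or "; drop table ..."
        ' typed into the textbox cannot alter the query.
        Const sql As String = _
            "SELECT Password FROM vwUserDBaccess " & _
            "WHERE UserName = @UserName AND DBid = 46"

        Using con As New SqlConnection(constr)
            Using cmd As New SqlCommand(sql, con)
                ' Assumption: UserName is an nvarchar column of up to 128 characters.
                cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 128).Value = userName
                con.Open()

                ' ExecuteScalar returns the first column of the first row,
                ' Nothing when no row matched, and DBNull.Value for a NULL column.
                Dim stored As Object = cmd.ExecuteScalar()

                If stored Is Nothing Then
                    Return LoginResult.UnknownUser
                End If
                If IsDBNull(stored) OrElse _
                   Not String.Equals(CStr(stored), password, StringComparison.Ordinal) Then
                    Return LoginResult.WrongPassword
                End If
                Return LoginResult.Ok
            End Using
        End Using
    End Function
End Module
```

In OK_Click this would be called as CheckLogin(My.Settings.M2MAydinOtherConnectionString, Me.txtUsername.Text, Me.txtPassword.Text), with the existing MsgBox and QCmaster branches selected from the returned value.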
 