VB
connect.Open()
Dim cmd As OleDb.OleDbCommand = New OleDb.OleDbCommand("SELECT * FROM tbluser", connect)
sql = "UPDATE tbluser SET  Username='" & txtusername.Text & "', Password ='" & txtpassword.Text & "' where IDnumber ='" & txtidnumber.Text & "'"
cmd = New OleDb.OleDbCommand(sql, connect)
cmd.ExecuteNonQuery()
connect.Close()
MsgBox("Updated")
Updated 6-Mar-15 22:18pm
Comments
Richard MacCutchan 7-Mar-15 4:20am
Your code is at risk of SQL injection, use proper parameterized queries. You should also check the types of your database fields. You should also never store passwords in clear text. I just hope this is not part of a commercial application.

1 solution

Oh dear... :sigh:

Where do I start?
With the SQL Injection? The text based passwords? The redundant code? The outdated functions? Or the implication that this is Web based and you are using message boxes?

They are all problems...and they don't include the problem you have found!

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parameterized queries instead.

Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it. (It's in C#, but the principles are the same.) You should also see here: Commitstrip, which might help to explain how such behaviour is considered by the real world.


Why do this:
VB
Dim cmd As OleDb.OleDbCommand = New OleDb.OleDbCommand("SELECT * FROM tbluser", connect)
If you are going to immediately do this:
VB
cmd = New OleDb.OleDbCommand(sql, connect)
Why not just create one command?


MsgBox was replaced in 2005 with the more up-to-date MessageBox class and its Show method. You shouldn't be using the older functions in new code - compatibility only.


VB.NET is web based. Message Boxes are Forms based. If you use a Message Box in a web based system, the client will never see it because it is displayed at the server. It appears to work for development because the two computers are the same physical unit - but in production it fails badly - and convinces your users that your application is rubbish...


Fix that lot, and it's very, very likely that your other problems will just disappear on their own.
Don't fix them, and you are heading for a world of pain...:sigh:
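The parameterized, hashed version of the question's UPDATE, as an added example that is not part of the original question or answer. It assumes a `PasswordHash` text column in `tbluser` replacing the clear-text `Password` column, and treats `IDnumber` as text, as the original's quoting implies.

```vb
Imports System.Security.Cryptography
Imports System.Data.OleDb

Module UserUpdate

    ' Hashes a password with a random 16-byte salt and PBKDF2 (10000 iterations).
    ' Stored as "iterations.salt.hash" (base64) so the salt is available at login.
    Public Function HashPassword(password As String) As String
        Const iterations As Integer = 10000
        Dim salt(15) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Using kdf As New Rfc2898DeriveBytes(password, salt, iterations)
            Dim hash As Byte() = kdf.GetBytes(32)
            Return iterations & "." & Convert.ToBase64String(salt) & "." & Convert.ToBase64String(hash)
        End Using
    End Function

    ' Recomputes the hash with the stored salt and compares in constant time.
    Public Function VerifyPassword(password As String, stored As String) As Boolean
        Dim parts As String() = stored.Split("."c)
        If parts.Length <> 3 Then Return False
        Dim salt As Byte() = Convert.FromBase64String(parts(1))
        Dim expected As Byte() = Convert.FromBase64String(parts(2))
        Using kdf As New Rfc2898DeriveBytes(password, salt, Integer.Parse(parts(0)))
            Dim actual As Byte() = kdf.GetBytes(expected.Length)
            Dim diff As Integer = 0
            For i As Integer = 0 To expected.Length - 1
                diff = diff Or (actual(i) Xor expected(i))
            Next
            Return diff = 0
        End Using
    End Function

    ' One command, user input only as parameter values: quotes or SQL keywords in
    ' the text boxes cannot alter the statement. OleDb parameters are positional,
    ' so the Add order must match the "?" order. PasswordHash is an assumed column;
    ' IDnumber is treated as text like the original (use OleDbType.Integer if numeric).
    Public Function UpdateUser(connect As OleDbConnection, idNumber As String, username As String, password As String) As Integer
        Const sql As String = "UPDATE tbluser SET Username = ?, PasswordHash = ? WHERE IDnumber = ?"
        Using cmd As New OleDbCommand(sql, connect)
            cmd.Parameters.Add("@Username", OleDbType.VarWChar, 50).Value = username
            cmd.Parameters.Add("@PasswordHash", OleDbType.VarWChar, 255).Value = HashPassword(password)
            cmd.Parameters.Add("@IDnumber", OleDbType.VarWChar, 50).Value = idNumber
            Return cmd.ExecuteNonQuery()   ' rows affected; 0 means no matching IDnumber
        End Using
    End Function

End Module
```

At login, fetch the stored `PasswordHash` for the given `IDnumber` (again via a parameter) and pass it with the typed password to `VerifyPassword`.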

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)