Click here to Skip to main content
15,918,808 members
Please Sign up or sign in to vote.
3.40/5 (3 votes)
See more:
I am creating a login page, for my software, but the login query keeps failing!

My Design: Design Image
My Database: Database Image

Yet, every time I execute the program I get an error: Error Image

I got this code from this YouTube video: Visual Studio 2012 - 2015 Microsoft Access Login VB.NET - YouTube

What I have tried:

My Code: <pre lang="vb">Public Class LoginForm
    Private Sub QuitButton_Click(sender As Object, e As EventArgs) Handles QuitButton.Click
        Me.Close()
    End Sub

    Private Sub SubmitButton_Click(sender As Object, e As EventArgs) Handles SubmitButton.Click
        Dim user As String
        Dim pass As String
        user = UserTextBox.Text
        pass = PassTextBox.Text
        If UsersTableAdapter.LoginQuery(user, pass) Then
            MsgBox("User Authenticated!")
        Else
            MsgBox("Invalid Credentials!")
        End If
    End Sub
End Class

My Query:
VB
SELECT        Username, [Password]
FROM            Users
WHERE        (Username = ?) AND ([Password] = ?)
Posted
Updated 9-Feb-18 15:11pm

1 solution

:sigh:
YouTube videos of "how to code security" ... about as useful as a tissue-paper kettle.

Stop trying to code from YouTube - it's pretty clear that the author has absolutely no idea what he is doing.

Never store passwords in clear text: it's a major security risk. Always hash them, and compare the hashes. Password Storage: How to do it.[^] explains - the code is in C# but it's pretty obvious stuff.

Without your UsersTableAdapter.LoginQuery code we can't tell exactly what is happening there, but the error implies that one or other of your parameters is wrong - the system is trying to cast it to a Boolean value before it passes it to SQL.
 
Share this answer
 
Comments
Arnav Varshney 25-Apr-17 5:04am    
The UsersTableAdapter.LoginQuery is the one I have posted as 'My Query:' here!
And, I am just a kid making some random program, so I didn't think of hashing those passwords!
OriginalGriff 25-Apr-17 5:14am    
No, it isn't. It's the VB code that tells SQL to run that query - not the query itself!
Even beginners have to start somewhere - and it's a lot, lot easier to get into good habits from the start rather than try to break bad ones once they are established. So watching videos by other people who don't know what they are doing doesn't help you in the long run, it makes your life harder.

Instead, get a book, or better go on a course - they present the material in a structured way so you don't miss important things (like SQL Injection, security basics, and so on) that could make your life a lot easier later.
Arnav Varshney 25-Apr-17 5:32am    
Yet, any way I could make it work?
Richard Deeming 25-Apr-17 16:01pm    
Skimming through the video, he's returning an extra column at the start of his query - Customer_ID.

It looks like the generated query method just returns the value of the first column of the first row returned from the query. In his case, that's an Integer; in your case, it's a String.

He's then relying on VB's implicit type coercion - an extremely bad thing! - to convert the Integer to a Boolean: 0 will convert to False, and anything else will convert to True.

In your code, because you're returning a String, and it doesn't contain either "True" or "False", it can't be coerced to a Boolean, and you get a run-time error.

The quick-and-dirty fix is to test whether the query method returns Nothing:
If UsersTableAdapter.LoginQuery(user, pass) IsNot Nothing Then
    MsgBox("User Authenticated!")
Else
    MsgBox("Invalid Credentials!")
End If


But, as Griff said, the author of that video clearly doesn't know what he's doing, and is not a good source to learn from. :)

(And you should always compile with Option Strict turned on, which would have given you a compile-time error instead of the run-time error.)
Arnav Varshney 26-Apr-17 4:35am    
Thanks a lot!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900