Having a problem with my login form with data log: it keeps getting stuck. Need help please, thank you.

What I have tried:

Private Sub loginbtn_Click(sender As System.Object, e As System.EventArgs) Handles loginbtn.Click
    sqlconn = New MySqlConnection
    sqlconn.ConnectionString = "server=localhost;user id=root;password=;database=issa"
    Dim reread As MySqlDataReader
    Try
        Dim query As String

        ' The text box values are concatenated straight into the SQL text (the pattern the solutions discuss)
        query = "SELECT * from usersetup where Username='" & usernametxtbx.Text & "'and Password = '" & passtxbx.Text & "'"
        commando = New MySqlCommand(query, sqlconn)
        reread = commando.ExecuteReader
        Dim coount As Integer = 0

        While reread.Read
            coount = coount + 1
        End While

        strSQL = "Insert into datalogin (Username, Date, Time) values ('" & usernametxtbx.Text & "','" & date1.Text & "', '" & time1.Text & "')"
        Dim dd As New MySqlDataAdapter(strSQL, CONNECTION)
        usernametxtbx.Text = ""
        passtxbx.Text = ""

        If coount = 1 Then
            If (reread.Item("Restriction").ToString()) = "Admin" Then
                MessageBox.Show(" Login Successfull as ADMIN. . . ")
            Else
                MessageBox.Show(" Login Successfull as GUEST. . . ")
            End If
        ElseIf coount > 1 Then
            MessageBox.Show("Record Duplicated...")
        Else
            MessageBox.Show("Log in failed... Either Username or Password is not correct...")
        End If
    Catch ex As Exception
    End Try
End Sub
Posted 4-Aug-17 21:28pm
Updated 5-Aug-17 2:16am
RickZeeland 5-Aug-17 6:47am
And how did you define the fields Date and Time in your datalogin table?

Solution 1

Don't do it like that!
There are two serious problems with that code, and the two are interrelated:
1) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it. - the code is in C#, but it's pretty simple, and online converters can translate it for you if necessary.

Put the two problems together and your login is useless: I can bypass your security and log in as you with full admin privileges just by entering my username as
Member 13347171';--
and leaving the password box empty.

Fix it here, fix it in the rest of your code and then worry about the problem you have noticed.

And stop swallowing exceptions: empty catch blocks just throw away all the information you need to fix a problem!

Solution 2

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user input of a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia
SQL Injection
query = "SELECT * from usersetup where Username='" & usernametxtbx.Text & "'and Password = '" & passtxbx.Text & "'"

passtxbx.Text= "abc' or '1'='1"

your query is
... "'and Password = 'abc' or '1'='1'"

and will always be accepted as valid password, whatever is the real password.
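
The two fixes named in Solution 1 (a parameterized query and salted password hashing), which also cover the parameterized-query advice in Solution 2, shown as an added example that is not part of either answer or the original post. The PasswordHash and Salt columns, the connStr parameter, the module and function names and the 100,000-iteration setting are assumptions, as is the choice to write the Date and Time columns as 'yyyy-MM-dd' and 'HH:mm:ss' strings.

```vbnet
Imports System.Security.Cryptography
Imports MySql.Data.MySqlClient

Module LoginExample
    ' Assumed schema (not from the post): usersetup stores PasswordHash and Salt
    ' as binary columns instead of a clear-text Password column.

    ' PBKDF2-HMAC-SHA256; this overload needs .NET Framework 4.7.2 or later.
    Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    ' Compare every byte instead of stopping at the first difference.
    Function SameBytes(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' Returns the user's Restriction value on success, Nothing on failure.
    Function TryLogin(connStr As String, username As String, password As String) As String
        Dim restriction As String = Nothing
        Using conn As New MySqlConnection(connStr)
            conn.Open()
            Using cmd As New MySqlCommand("SELECT PasswordHash, Salt, Restriction FROM usersetup WHERE Username = @user", conn)
                cmd.Parameters.AddWithValue("@user", username) ' sent as data, never parsed as SQL
                Using rd As MySqlDataReader = cmd.ExecuteReader()
                    If rd.Read() AndAlso SameBytes(HashPassword(password, CType(rd("Salt"), Byte())), CType(rd("PasswordHash"), Byte())) Then
                        restriction = rd("Restriction").ToString() ' read while the row is current
                    End If
                End Using ' close the reader before running the next command
            End Using
            If restriction Is Nothing Then Return Nothing
            Using logCmd As New MySqlCommand("INSERT INTO datalogin (Username, `Date`, `Time`) VALUES (@user, @d, @t)", conn)
                logCmd.Parameters.AddWithValue("@user", username)
                logCmd.Parameters.AddWithValue("@d", DateTime.Now.ToString("yyyy-MM-dd"))
                logCmd.Parameters.AddWithValue("@t", DateTime.Now.ToString("HH:mm:ss"))
                logCmd.ExecuteNonQuery() ' actually runs the INSERT
            End Using
        End Using
        Return restriction
    End Function
End Module
```

Exceptions are left to propagate to the caller, which can log or display them instead of discarding them in an empty Catch block.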

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
