Click here to Skip to main content
14,692,015 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Imports System.Data
Imports System.Data.SqlClient


Public Class LoginForm1
    
    Dim da As SqlDataAdapter
    Dim ds As DataSet
    Dim query As String
    Dim sqlq As String

    Private Sub DELETETIME()
        If con.State = ConnectionState.Open Then con.Close()
        con.Open()

        
        query = "DELETE FROM USERLOG WHERE USERID='" & USERNAME & "'"

        COMMAND = New SqlCommand(query, con)
        COMMAND.ExecuteNonQuery()

    End Sub


    
    Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
        Dim CMD As SqlCommand
        If con.State = ConnectionState.Open Then con.Close()
        con.Open()

        query = "select * from USERLOGIN where USERID='" & txtUsername.Text & "'and UPASSWORD='" & txtPasswd.Text & "'"

        da = New SqlDataAdapter(query, con)
        ds = New DataSet
        da.Fill(ds)
        If ds.Tables(0).Rows.Count > 0 Then
            'valid user
            USERNAME = txtUsername.Text

            USERTYPE = ds.Tables(0).Rows(0).Item(3)
            logintime = Now
            DELETETIME()

            If con.State = ConnectionState.Open Then con.Close()
            con.Open()

            'query = "UPDATE USERLOG SET ULOGDATE='" & Today & "',ULOGINTIME='" & Now & "' WHERE USERID='" & USERNAME & "'"
            query = "INSERT INTO USERLOG VALUES('" & txtUsername.Text & "','" & Today & "','" & Now.TimeOfDay.ToString & "')"

            CMD = New SqlCommand(query, con)
            CMD.ExecuteNonQuery()


            con.Open()
            

            con.Close()


            frmMDIMain.Show()
            Me.Hide()


        Else
            MsgBox("INVALID LOGIN")
            
        End If

        txtUsername.Text = ""
        txtPasswd.Text = ""
        txtUsername.Focus()


    End Sub

    Private Sub Cancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        'Me.Close()
        End
    End Sub

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        txtUsername.Text = ""
        txtPasswd.Text = ""
        txtUsername.Focus()

    End Sub

    Private Sub LoginForm1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Call myConnection()
        txtUsername.Focus()

    End Sub

    
End Class





when I run it."AN unhandled exception of type 'system.data.sqlclient.sqlException' occured in system.data.dll" this run time error is obtained.

how can I over come from this??
Posted

1 solution

Examine the details in the exception you are getting. This will give some insight into why SQL is throwing an exception.

Looking at the code there are a couple of things that might be the problem.

- What if the username contains an apostrophe (e.g. O'Neil).
- Are the date and time provided compatible with the databases expectation.

The best way of solving both these problems is to use Parameterized Queries.

This also has the advantage of removing a massive security issue with what you are doing. The way you are constructing SQL strings is a common defect, and has been used many times by hackers to break into systems. Parameterized queries eliminates this.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900