Josh Strachan Josh Strachan - 4 months ago 12
Vb.net Question

Error when trying to implement login script for visual basic application in visual studio 2015

Hi I'm sure this is an extremely simple issue to fix but i'm completely new to this and just following a tutorial online but i can't adapt the code for my uses. Basically i keep getting the following error when i try to use nvarchar instead of int for my username and password columns in my database:


An unhandled exception of type 'System.Data.SqlClient.SqlException'
occurred in System.Data.dll


here is my code:

Public Class Login
Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
Dim con As New SqlClient.SqlConnection(MyConnection.MyConnectionString)
con.Open()
Dim dr As SqlClient.SqlDataReader
Dim cmd As New SqlClient.SqlCommand("select * from [customer_login] where username=" + tbUsename.Text + " and password=" + tbPassword.Text + "", con)
dr = cmd.ExecuteReader
If dr.Read Then
MsgBox("you are logged on as" + tbUsename.Text + "put logged in home page here")
End If

End Sub
End Class


edit: full error message is:

An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll

Additional information: Invalid column name 'a123'.

Invalid column name 'a123'.

Answer

single quotes are missing in your query

Public Class Login
    Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
        Dim con As New SqlClient.SqlConnection(MyConnection.MyConnectionString)
        con.Open()
        Dim dr As SqlClient.SqlDataReader
        Dim cmd As New SqlClient.SqlCommand("select * from [customer_login] where username='" + tbUsename.Text + "' and password='" + tbPassword.Text + "'", con)
        dr = cmd.ExecuteReader
        If dr.Read Then
            MsgBox("you are logged on as" + tbUsename.Text)
            'put logged in home page here.show()
        End If

    End Sub
End Class
Comments