hotchongas hotchongas - 1 year ago 144 Question

Additional information: Login failed for user ''. SQL Server 2012

I've been stock in this problem:

enter image description here

Imports System.ComponentModel
Imports System.Data.SqlClient

Public Class Form1
Dim MyConnection As SqlConnection = New SqlConnection("Server=DESKTOP-I0N45MV\SQL2012;Database=user;uid=;pwd=")
Dim MyDataAdapter As New SqlDataAdapter()
Dim MyDataAdapter1 As New SqlDataAdapter()
Dim Result As String
Dim Result1 As String

Private Sub login_Click(sender As Object, e As EventArgs) Handles login.Click
MyDataAdapter.SelectCommand = New SqlCommand()
MyDataAdapter1.SelectCommand = New SqlCommand()

MyDataAdapter.SelectCommand.Connection = MyConnection
MyDataAdapter1.SelectCommand.Connection = MyConnection
MyDataAdapter.SelectCommand.CommandText = "Select Username From users WHERE Username ='" & user_.Text & "'"
MyDataAdapter1.SelectCommand.CommandText = "Select Password From users WHERE Password ='" & pass_.Text & "'"
Result = MyDataAdapter.SelectCommand.ExecuteScalar()
Result1 = MyDataAdapter1.SelectCommand.ExecuteScalar()

Answer Source

Firstly do not ever use this:
MyDataAdapter.SelectCommand.CommandText = "SELECT Username FROM users WHERE Username ='" & user_.Text & "'" since it will let your code be injectable by SQL injection, use a stored procedure or parameterized queries instead.

Secondly I don't understand why you would use two queries.
Can't you do it with just one like SELECT Username FROM users WHERE Username = 'foo' AND Password = 'bar' and then just use the result of this query?

Thirdly I would recommend that you pass the connection string as a parameter to your project. If you are coding a WinForms project, you can access it like this : Dim connection As New SqlConnection(My.Settings.connectionString)

And lastly since that's what you asked, your connection string should look like Server=YourServerName;Database=YourDBName;Trusted_Connection=True;.
If you use Windows Authentication on your SQL Server, it should look remotely like this Server=myServerAddress;Database=myDataBase;User Id=myUsername; Password=myPassword;, if you are using username and password to authenticate.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download