VB.Net Help



M4T VW
20-06-10, 17:56
Just having a play on writing stuff to a database like usernames and passwords etc. but for some reason it won't save the info to a database!

My button info is:

Private Sub Button2_Click_1(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
    'Add Button
    If TextBox1.Text = "" OrElse TextBox2.Text = "" Then
        MsgBox("Please enter the complete name!", MsgBoxStyle.Exclamation + MsgBoxStyle.OkOnly, "Error")
        Exit Sub
    End If
    con.Open()

    Dim rs As New OleDb.OleDbCommand(
        "INSERT INTO Users ([Username], [Password]) VALUES ('" &
        StrConv(TextBox1.Text, VbStrConv.Uppercase) & "','" &
        StrConv(TextBox2.Text, VbStrConv.Uppercase) & "','" &
        StrConv(TextBox3.Text, VbStrConv.Uppercase) & "','" &
        ComboBox1.Text & "'," &
        Val(TextBox4.Text) & ")", con)
    rs.ExecuteNonQuery()
    con.Close()
    LoadGrid("")
    ClearText()
End Sub

But I get an "Insert into" error.
I've put the username in square brackets because I read that the username is possibly a reserved field.

Any ideas on why it won't save to the database?

andyn
23-06-10, 10:27
Your basic problem is that you are specifying two fields, but trying to insert 3 values:

INSERT INTO (X, Y) VALUES (X, Y, Z)

I wouldn't recommend using this code on any public-facing website you cared about however, because you leave yourself wide open to an SQL injection (http://en.wikipedia.org/wiki/SQL_injection) attack by black-hat haxxors. Essentially you need to filter user input to ensure that they don't send naughty stuff, or use Parametrised SQL statements (http://en.wikipedia.org/wiki/Parameterized_statements#Parameterized_statements), or both.

Obviously if this is just for the purposes of teaching yourself you might not be too worried about that, but it's something to be aware of.
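
A parametrised version of the INSERT discussed above, as an added example that is not code from either poster. The connection string, the AddUser helper, the module name and the 50-character column size are assumptions; only the Users table and its [Username] and [Password] columns come from the thread.

```vbnet
Imports System
Imports System.Data.OleDb

Module ParameterisedInsertExample
    ' Assumption: placeholder connection string; the thread does not show the real one.
    Private Const ConnectionString As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\example.accdb;"

    ' Hypothetical helper: inserts one row into Users and returns the rows affected.
    Public Function AddUser(ByVal username As String, ByVal password As String) As Integer
        If String.IsNullOrWhiteSpace(username) OrElse String.IsNullOrWhiteSpace(password) Then
            Throw New ArgumentException("Username and password are required.")
        End If

        ' Two columns, two placeholders: the column list and the value list must match.
        ' The SQL text is a constant, so user input can never change its structure.
        Const sql As String = "INSERT INTO Users ([Username], [Password]) VALUES (?, ?)"

        Using con As New OleDbConnection(ConnectionString)
            Using cmd As New OleDbCommand(sql, con)
                ' The OleDb provider binds parameters by position, not by name,
                ' so they are added in the same order as the ? markers.
                ' Assumption: both columns are text fields of up to 50 characters.
                cmd.Parameters.Add("@Username", OleDbType.VarWChar, 50).Value =
                    username.ToUpperInvariant()
                ' Bound as data, so quotes in the value need no escaping.
                cmd.Parameters.Add("@Password", OleDbType.VarWChar, 50).Value = password

                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using ' command disposed here
        End Using ' connection closed here, even if ExecuteNonQuery throws
    End Function

    Sub Main()
        ' Constructed input: the apostrophe would end the string literal early in
        ' the concatenated query, but is stored unchanged when bound as a parameter.
        Dim rows As Integer = AddUser("O'Brien", "it's a secret")
        Console.WriteLine("Rows inserted: " & rows)
    End Sub
End Module
```

From the button handler this would be called as AddUser(TextBox1.Text, TextBox2.Text), replacing the con.Open() / ExecuteNonQuery() / con.Close() sequence.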

M4T VW
24-06-10, 11:15
Thanks Andy. I've managed to get it working by using parametrised code, I will post it later to show everyone.

I've made a little form to select the database location but my database has a password and I need a way of saving this password but encrypted.
It doesn't matter too much as this is only a small program to be used internally by 2 people, but I want to do it properly.
Also noticed how my connection string password is not encrypted!