Results 1 to 3 of 3

Thread: VB.Net Help

  1. 20-06-10 #1
    M4T VW
    M4T VW is online now
    7-11 Mon-Friday + Weekend M4T VW's Avatar
    Join Date
    Aug 2007
    Location
    Bristol
    Posts
    5,915
    Thanks
    79
    Thanked 164 Times in 126 Posts
    Rep Power
    3

    Default VB.Net Help

    Just having a play on writing stuff to a database like usernames and passwords etc but for some reason it wont save the info to a database!

    My button info is:

    Private Sub Button2_Click_1(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
    'Add Button
    If TextBox1.Text = "" OrElse TextBox2.Text = "" Then
    MsgBox("Please enter the complete name!", MsgBoxStyle.Exclamation + MsgBoxStyle.OkOnly, "Error")
    Exit Sub
    End If
    con.Open()

    Dim rs As New OleDb.OleDbCommand(
    "INSERT INTO Users ([Username], [Password]) VALUES ('" &
    StrConv(TextBox1.Text, VbStrConv.Uppercase) & "','" &
    StrConv(TextBox2.Text, VbStrConv.Uppercase) & "','" &
    StrConv(TextBox3.Text, VbStrConv.Uppercase) & "','" &
    ComboBox1.Text & "'," &
    Val(TextBox4.Text) & ")", con)
    rs.ExecuteNonQuery()
    con.Close()
    LoadGrid("")
    ClearText()
    End Sub

    But i get an "Insert into" error.
    Ive put the username in square brackets because a read that the username is possibly a reserved field.

    Any ideas on why it wont save to the database?
    Reply With Quote Reply With Quote
  2. 23-06-10 #2
    andyn
    andyn is offline
    Administrator
    Join Date
    Jan 2010
    Location
    chickentown
    Posts
    5,592
    Thanks
    532
    Thanked 1,240 Times in 865 Posts
    Rep Power
    2

    Default

    Your basic problem is that you are specifying two fields, but trying to insert 3 values:

    INSERT INTO (X, Y) VALUES (X, Y, Z)

    I wouldn't recommend using this code on any public-facing website you cared about however, because you leave yourself wide open to an SQL injection attack by black-hat haxxors. Essentially you need to filter user input to ensure that they don't send naughty stuff, or use Parametrised SQL statements, or both.

    Obviously if this is just for the purposes of teaching yourself you might not be too worried about that, but it's something to be aware of.
    Reply With Quote Reply With Quote
  3. 24-06-10 #3
    M4T VW
    M4T VW is online now
    7-11 Mon-Friday + Weekend M4T VW's Avatar
    Join Date
    Aug 2007
    Location
    Bristol
    Posts
    5,915
    Thanks
    79
    Thanked 164 Times in 126 Posts
    Rep Power
    3

    Default

    Thanks Andy. Ive manage to get it working by using parametrised code, I will post it later to show everyone.

    Ive made a little form to select the database location but my database has a password and i need a way of saving this password but encrypted.
    It doesnt matter too much as this is only a small program to be used internally by 2 people, But i want to do it properly.
    Also noticed how my connection string password is not encrypted!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules