dr = cmd.ExecuteReader()

I have an error on this line:

 dr = cmd.ExecuteReader()

Incorrect syntax near '='.

What's wrong with my code?

Private Sub verifycus()
  Dim objConn As New SqlConnection("Server=myhost; Initial Catalog=mydb; User ID=myid; Password=mypw")
        objConn.Open()
        try
        dim VEmail, VGPassword
        Dim cmd As New SqlCommand("Select * FROM CustomerInfo WHERE Email= '" &VEmail &"' AND VGPassword = "&VPassword, objconn)
        Dim dr As SqlDataReader
        dr = cmd.ExecuteReader()
        While dr.Read
            Response.Write(dr.Item("Email"))
        End While
         dr.Close
               finally
               objConn.Close()
               objConn.Dispose()
               end try
 End Sub
LVL 1
net_susanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason ScolaroCommented:
Hi net_susan,

Try this:
Dim cmd As New SqlCommand("SELECT * FROM CustomerInfo WHERE Email= @email AND VGPassword = @password", objconn)
cmd.Parameters.Add(New SqlParameter("@email", VEmail))
cmd.Parameters.Add(New SqlParameter("@password", VPassword))

-- Jason
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
brdrokCommented:
Perhaps a typo?

Dim cmd As New SqlCommand("Select * FROM CustomerInfo WHERE Email= '" &VEmail &"' AND VGPassword =  ' " & VPassword & " ' ", objconn)
0
net_susanAuthor Commented:
Scolja,

BC30451: Name 'Email' is not declared.
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Jason ScolaroCommented:
net_susan,

I don't have "Email" anywhere, just hanging out... maybe you forgot the V in front of it on this line?

cmd.Parameters.Add(New SqlParameter("@email", VEmail))

-- Jason
0
craskinCommented:
you probably just need to initialize dr with 'New'.  

Dim dr As New SqlDataReader
0
craskinCommented:
Dim cmd As New SqlCommand("Select * FROM CustomerInfo WHERE Email= '" &VEmail &"' AND VGPassword = "&VPassword, objconn)

on this line, why do you have double quotes before &VEmail? should just be

WHERE Email = " & VEmail & " AND VGPassword = " & VPassword, objConn)
0
Jason ScolaroCommented:
craskin,

Actually, you can't instantiate a SqlDataReader, it has to be assigned.

-- Jason
0
net_susanAuthor Commented:
Jason,

I must have messed up somewhere?

Private Sub verifycus()
Dim objConn As New SqlConnection("Server=myhost; Initial Catalog=mydb; User ID=myid; Password=mypw")
        objConn.Open()
               try
        dim VEemail, VPassword
Dim cmd As New SqlCommand("SELECT * FROM CustomerInfo WHERE Email= @VEemail AND VGPassword = @Vpassword", objconn)
cmd.Parameters.Add(New SqlParameter("@email", VEemail))
cmd.Parameters.Add(New SqlParameter("@VGpassword", VPassword))
        Dim dr As SqlDataReader
        dr = cmd.ExecuteReader()
        While dr.Read
            Response.Write(dr.Item("Email"))
        End While
         dr.Close
               finally
               objConn.Close()
               objConn.Dispose()
               end try
 End Sub
0
Jason ScolaroCommented:
net_susan,

Well, from looking at this code... I'm not sure what you're trying to do... you declare your two variables VEemail and VPassword immediately before the New SqlCommand() line.  But then you pass those two variables into the SQL, but they're going to be blank, right?  You haven't assigned a value to them.....

So I'm not sure how you expect to receive any results.  Maybe you can clear this up for me....

-- Jason
0
net_susanAuthor Commented:
Sorry. I'm passing them from the previous page (or at least trying to).

Protected Sub signinSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Response.Redirect("next.aspx?VEemail='"+syEmail.Text +"'&VPassword='"+syPassword.Text+"'")
End Sub

That page works.
0
Jason ScolaroCommented:
Then you need to retrieve them on your new page:

Dim VEemail As String = Request.QueryString("VEemail")
Dim VPassword As String = Request.QueryString("VPassword")

Those 2 lines should replace this one:

dim VEemail, VPassword

-- Jason
0
net_susanAuthor Commented:
Thanks, new q coming soon.  :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.