[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 331
  • Last Modified:

get value from database using VB and Mysql

need some sample code to get single values from a query
0
prowebinteractive
Asked:
prowebinteractive
  • 10
  • 9
1 Solution
 
prowebinteractiveAuthor Commented:
creating login screen

need to compare username and password to users table in my mysql database
0
 
Jeff CertainCommented:
Do you have the query written already?
0
 
prowebinteractiveAuthor Commented:
yes my query is writen, I just need to get the fields from the database
the following is what I have already


        Dim conn As New MySql.Data.MySqlClient.MySqlConnection
        Dim myConnectionString As String

        myConnectionString = "server=127.0.0.1;" _
                    & "uid=user;" _
                    & "pwd=password;" _
                    & "database=databaseName;"

        Try
            conn.ConnectionString = myConnectionString
            conn.Open()

        Catch ex As MySql.Data.MySqlClient.MySqlException
            MessageBox.Show(ex.Message)
        End Try


        Dim SqlString As String = "SELECT * FROM sysusers where email=textbox1"
        Dim Cmd As MySql.Data.MySqlClient.MySqlCommand = New MySql.Data.MySqlClient.MySqlCommand(SqlString)

        'MessageBox.Show()

        'Dim Cmd As OdbcCommand = New OdbcCommand(SqlString)


        'Dim myEmail As myEmail = "admin"
        If TextBox1.Text = "admin" And TextBox2.Text = "pass" Then
            Me.Hide()
            Form2.Show()
            'MessageBox.Show("your in !")
0
[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

 
Jeff CertainCommented:
1. You need to look up "SQL injection attack"... your site is vulnerable to this type of attack.
2. I'd take the approach of checking for the existence of the user, like this:

Function CheckPassword(userName as string, password as string) as boolean
Dim myConnectionString As String = "server=127.0.0.1;" _
                    & "uid=user;" _
                    & "pwd=password;" _
                    & "database=databaseName;"

Using conn as new MySqlConnection(myConnectionString)
Using cmd as new MySqlCommand(String.Format("SELECT UserId FROM sysusers WHERE email='{0}' and password='{1}'", userName, password))
conn.open()
return (cmd.ExecuteScalar Is System.DBNULL.Value)
end using
end using
End function

This will return TRUE is a user exists who has the username and password you provide (you might have to tweak the field names in the query).

3. Consider changeing your control names to something useful.
0
 
prowebinteractiveAuthor Commented:
this was meant to connect to my database

Dim myConnectionString As String = "server=127.0.0.1;" _
                    & "uid=user;" _
                    & "pwd=password;" _
                    & "database=databaseName;"

I have the query alreadt done, what I need is to compare the infomation give in the password box and the info in the database

my original application is done in php on a linux server and this is the main reason why I need to keep the mysql server

my sysusers table is on a remote server
0
 
Jeff CertainCommented:
If you use the query I provided above, you do all the comparison on the database server. You connect to the database, check for the username/password pair and return true if it exists; otherwise false is returned. There's a minor typo -- it should be
return NOT (cmd.ExecuteScalar Is System.DBNULL.Value)

All you have to do is provide the function above with the username/password pair you want to check -- and make sure I named the fields right.

If this is a production app, you REALLY need to look at SQL injection. Your login page (the most public-facing page on your site) will allow malicious users to take over your site without a whole lot of effort.
0
 
prowebinteractiveAuthor Commented:
do i put this in my button click ?
0
 
Jeff CertainCommented:
In your button click, put something like

If CheckPassword(textBox1.text, textBox2.text) then
  Response.Redirect("secure page name")
else
  ' Do something here to display error message
end if
0
 
prowebinteractiveAuthor Commented:
Return (cmd.ExecuteScalar Is System.DBNull.Value)   error connection must be valid and open
0
 
Jeff CertainCommented:
Yes... which is why the line right before that in my code was conn.Open()
0
 
prowebinteractiveAuthor Commented:
i have conn.open()
0
 
prowebinteractiveAuthor Commented:
copy and paste of what I have


    Function CheckPassword(ByVal userName As String, ByVal password As String) As Boolean

        Dim myConnectionString As String = "server=127.0.0.1;" _
                            & "uid=bdipasq_bruno;" _
                            & "pwd=bd4321le;" _
                            & "database=bdipasq;"
        Try
            Using conn As New MySql.Data.MySqlClient.MySqlConnection(myConnectionString)
                Using cmd As New MySql.Data.MySqlClient.MySqlCommand(String.Format("SELECT sysUserId FROM sysusers WHERE email='{0}' and sysPasswd='{1}'", userName, password))
                    conn.Open()
                    Return (cmd.ExecuteScalar Is System.DBNull.Value)
                End Using
            End Using
        Catch ex As MySql.Data.MySqlClient.MySqlException
            MessageBox.Show(ex.Message)
        End Try

    End Function
0
 
Jeff CertainCommented:
The command object needs the connection:

Using cmd As New MySql.Data.MySqlClient.MySqlCommand(String.Format("SELECT sysUserId FROM sysusers WHERE email='{0}' and sysPasswd='{1}'", userName, password), conn)
0
 
prowebinteractiveAuthor Commented:
ok connection being made but Im entering the right information to login and Im not getting in

what is this doing   email='{0}' and sysPasswd='{1}
0
 
Jeff CertainCommented:
String.Format replaces each argument in {} with the arguments that follow... so
String.Format("SELECT sysUserId FROM sysusers WHERE email='{0}' and sysPasswd='{1}'", userName, password)
returns
SELECT sysUserId FROM sysusers WHERE email='<contents of userName variable>' and sysPasswd='<contents of password variable>'
0
 
prowebinteractiveAuthor Commented:
but in actual fact shouldnt textbox1.text   and textbox2.text go here ?
0
 
Jeff CertainCommented:
Sort of...

This is a function...declared as:  Function CheckPassword(ByVal userName As String, ByVal password As String) As Boolean

This means that you pass it textBox1.Text and textBox2.Text as arguments. (Again, I encourage you to give these controls meaningful names.)

Like this:
If CheckPassword(textBox1.text, textBox2.text) then
  Response.Redirect("secure page name")
else
  ' Do something here to display error message
end if
0
 
prowebinteractiveAuthor Commented:
k well for some reason or another Im not able to login...

something is not right somewhere
0
 
Jeff CertainCommented:
Put a break-point on conn.Open()

This will let you run cmd.ExecuteScalar manually (using the watch window) to see what it returns, as well as checking that the right user name and password made it through to the function.

You also need to put the NOT in the line below, as I mentioned previously:
Return NOT (cmd.ExecuteScalar Is System.DBNull.Value)
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 10
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now