Solved

get value from database using VB and Mysql

Posted on 2006-11-28
19
245 Views
Last Modified: 2008-02-01
need some sample code to get single values from a query
0
Comment
Question by:prowebinteractive
  • 10
  • 9
19 Comments
 

Author Comment

by:prowebinteractive
Comment Utility
creating login screen

need to compare username and password to users table in my mysql database
0
 
LVL 24

Expert Comment

by:Jeff Certain
Comment Utility
Do you have the query written already?
0
 

Author Comment

by:prowebinteractive
Comment Utility
yes my query is writen, I just need to get the fields from the database
the following is what I have already


        Dim conn As New MySql.Data.MySqlClient.MySqlConnection
        Dim myConnectionString As String

        myConnectionString = "server=127.0.0.1;" _
                    & "uid=user;" _
                    & "pwd=password;" _
                    & "database=databaseName;"

        Try
            conn.ConnectionString = myConnectionString
            conn.Open()

        Catch ex As MySql.Data.MySqlClient.MySqlException
            MessageBox.Show(ex.Message)
        End Try


        Dim SqlString As String = "SELECT * FROM sysusers where email=textbox1"
        Dim Cmd As MySql.Data.MySqlClient.MySqlCommand = New MySql.Data.MySqlClient.MySqlCommand(SqlString)

        'MessageBox.Show()

        'Dim Cmd As OdbcCommand = New OdbcCommand(SqlString)


        'Dim myEmail As myEmail = "admin"
        If TextBox1.Text = "admin" And TextBox2.Text = "pass" Then
            Me.Hide()
            Form2.Show()
            'MessageBox.Show("your in !")
0
 
LVL 24

Expert Comment

by:Jeff Certain
Comment Utility
1. You need to look up "SQL injection attack"... your site is vulnerable to this type of attack.
2. I'd take the approach of checking for the existence of the user, like this:

Function CheckPassword(userName as string, password as string) as boolean
Dim myConnectionString As String = "server=127.0.0.1;" _
                    & "uid=user;" _
                    & "pwd=password;" _
                    & "database=databaseName;"

Using conn as new MySqlConnection(myConnectionString)
Using cmd as new MySqlCommand(String.Format("SELECT UserId FROM sysusers WHERE email='{0}' and password='{1}'", userName, password))
conn.open()
return (cmd.ExecuteScalar Is System.DBNULL.Value)
end using
end using
End function

This will return TRUE is a user exists who has the username and password you provide (you might have to tweak the field names in the query).

3. Consider changeing your control names to something useful.
0
 

Author Comment

by:prowebinteractive
Comment Utility
this was meant to connect to my database

Dim myConnectionString As String = "server=127.0.0.1;" _
                    & "uid=user;" _
                    & "pwd=password;" _
                    & "database=databaseName;"

I have the query alreadt done, what I need is to compare the infomation give in the password box and the info in the database

my original application is done in php on a linux server and this is the main reason why I need to keep the mysql server

my sysusers table is on a remote server
0
 
LVL 24

Expert Comment

by:Jeff Certain
Comment Utility
If you use the query I provided above, you do all the comparison on the database server. You connect to the database, check for the username/password pair and return true if it exists; otherwise false is returned. There's a minor typo -- it should be
return NOT (cmd.ExecuteScalar Is System.DBNULL.Value)

All you have to do is provide the function above with the username/password pair you want to check -- and make sure I named the fields right.

If this is a production app, you REALLY need to look at SQL injection. Your login page (the most public-facing page on your site) will allow malicious users to take over your site without a whole lot of effort.
0
 

Author Comment

by:prowebinteractive
Comment Utility
do i put this in my button click ?
0
 
LVL 24

Expert Comment

by:Jeff Certain
Comment Utility
In your button click, put something like

If CheckPassword(textBox1.text, textBox2.text) then
  Response.Redirect("secure page name")
else
  ' Do something here to display error message
end if
0
 

Author Comment

by:prowebinteractive
Comment Utility
Return (cmd.ExecuteScalar Is System.DBNull.Value)   error connection must be valid and open
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 24

Expert Comment

by:Jeff Certain
Comment Utility
Yes... which is why the line right before that in my code was conn.Open()
0
 

Author Comment

by:prowebinteractive
Comment Utility
i have conn.open()
0
 

Author Comment

by:prowebinteractive
Comment Utility
copy and paste of what I have


    Function CheckPassword(ByVal userName As String, ByVal password As String) As Boolean

        Dim myConnectionString As String = "server=127.0.0.1;" _
                            & "uid=bdipasq_bruno;" _
                            & "pwd=bd4321le;" _
                            & "database=bdipasq;"
        Try
            Using conn As New MySql.Data.MySqlClient.MySqlConnection(myConnectionString)
                Using cmd As New MySql.Data.MySqlClient.MySqlCommand(String.Format("SELECT sysUserId FROM sysusers WHERE email='{0}' and sysPasswd='{1}'", userName, password))
                    conn.Open()
                    Return (cmd.ExecuteScalar Is System.DBNull.Value)
                End Using
            End Using
        Catch ex As MySql.Data.MySqlClient.MySqlException
            MessageBox.Show(ex.Message)
        End Try

    End Function
0
 
LVL 24

Expert Comment

by:Jeff Certain
Comment Utility
The command object needs the connection:

Using cmd As New MySql.Data.MySqlClient.MySqlCommand(String.Format("SELECT sysUserId FROM sysusers WHERE email='{0}' and sysPasswd='{1}'", userName, password), conn)
0
 

Author Comment

by:prowebinteractive
Comment Utility
ok connection being made but Im entering the right information to login and Im not getting in

what is this doing   email='{0}' and sysPasswd='{1}
0
 
LVL 24

Expert Comment

by:Jeff Certain
Comment Utility
String.Format replaces each argument in {} with the arguments that follow... so
String.Format("SELECT sysUserId FROM sysusers WHERE email='{0}' and sysPasswd='{1}'", userName, password)
returns
SELECT sysUserId FROM sysusers WHERE email='<contents of userName variable>' and sysPasswd='<contents of password variable>'
0
 

Author Comment

by:prowebinteractive
Comment Utility
but in actual fact shouldnt textbox1.text   and textbox2.text go here ?
0
 
LVL 24

Expert Comment

by:Jeff Certain
Comment Utility
Sort of...

This is a function...declared as:  Function CheckPassword(ByVal userName As String, ByVal password As String) As Boolean

This means that you pass it textBox1.Text and textBox2.Text as arguments. (Again, I encourage you to give these controls meaningful names.)

Like this:
If CheckPassword(textBox1.text, textBox2.text) then
  Response.Redirect("secure page name")
else
  ' Do something here to display error message
end if
0
 

Author Comment

by:prowebinteractive
Comment Utility
k well for some reason or another Im not able to login...

something is not right somewhere
0
 
LVL 24

Accepted Solution

by:
Jeff Certain earned 500 total points
Comment Utility
Put a break-point on conn.Open()

This will let you run cmd.ExecuteScalar manually (using the watch window) to see what it returns, as well as checking that the right user name and password made it through to the function.

You also need to put the NOT in the line below, as I mentioned previously:
Return NOT (cmd.ExecuteScalar Is System.DBNull.Value)
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

If you're writing a .NET application to connect to an Access .mdb database and use pre-existing queries that require parameters, you've come to the right place! Let's say the pre-existing query(qryCust) in Access takes a Date as a parameter and l…
Introduction As chip makers focus on adding processor cores over increasing clock speed, developers need to utilize the features of modern CPUs.  One of the ways we can do this is by implementing parallel algorithms in our software.   One recent…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now