Solved

get value from database using VB and Mysql

Posted on 2006-11-28
19
270 Views
Last Modified: 2008-02-01
need some sample code to get single values from a query
0
Comment
Question by:prowebinteractive
  • 10
  • 9
19 Comments
 

Author Comment

by:prowebinteractive
ID: 18031171
creating login screen

need to compare username and password to users table in my mysql database
0
 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18032101
Do you have the query written already?
0
 

Author Comment

by:prowebinteractive
ID: 18036742
yes my query is writen, I just need to get the fields from the database
the following is what I have already


        Dim conn As New MySql.Data.MySqlClient.MySqlConnection
        Dim myConnectionString As String

        myConnectionString = "server=127.0.0.1;" _
                    & "uid=user;" _
                    & "pwd=password;" _
                    & "database=databaseName;"

        Try
            conn.ConnectionString = myConnectionString
            conn.Open()

        Catch ex As MySql.Data.MySqlClient.MySqlException
            MessageBox.Show(ex.Message)
        End Try


        Dim SqlString As String = "SELECT * FROM sysusers where email=textbox1"
        Dim Cmd As MySql.Data.MySqlClient.MySqlCommand = New MySql.Data.MySqlClient.MySqlCommand(SqlString)

        'MessageBox.Show()

        'Dim Cmd As OdbcCommand = New OdbcCommand(SqlString)


        'Dim myEmail As myEmail = "admin"
        If TextBox1.Text = "admin" And TextBox2.Text = "pass" Then
            Me.Hide()
            Form2.Show()
            'MessageBox.Show("your in !")
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18037458
1. You need to look up "SQL injection attack"... your site is vulnerable to this type of attack.
2. I'd take the approach of checking for the existence of the user, like this:

Function CheckPassword(userName as string, password as string) as boolean
Dim myConnectionString As String = "server=127.0.0.1;" _
                    & "uid=user;" _
                    & "pwd=password;" _
                    & "database=databaseName;"

Using conn as new MySqlConnection(myConnectionString)
Using cmd as new MySqlCommand(String.Format("SELECT UserId FROM sysusers WHERE email='{0}' and password='{1}'", userName, password))
conn.open()
return (cmd.ExecuteScalar Is System.DBNULL.Value)
end using
end using
End function

This will return TRUE is a user exists who has the username and password you provide (you might have to tweak the field names in the query).

3. Consider changeing your control names to something useful.
0
 

Author Comment

by:prowebinteractive
ID: 18039267
this was meant to connect to my database

Dim myConnectionString As String = "server=127.0.0.1;" _
                    & "uid=user;" _
                    & "pwd=password;" _
                    & "database=databaseName;"

I have the query alreadt done, what I need is to compare the infomation give in the password box and the info in the database

my original application is done in php on a linux server and this is the main reason why I need to keep the mysql server

my sysusers table is on a remote server
0
 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18039300
If you use the query I provided above, you do all the comparison on the database server. You connect to the database, check for the username/password pair and return true if it exists; otherwise false is returned. There's a minor typo -- it should be
return NOT (cmd.ExecuteScalar Is System.DBNULL.Value)

All you have to do is provide the function above with the username/password pair you want to check -- and make sure I named the fields right.

If this is a production app, you REALLY need to look at SQL injection. Your login page (the most public-facing page on your site) will allow malicious users to take over your site without a whole lot of effort.
0
 

Author Comment

by:prowebinteractive
ID: 18039397
do i put this in my button click ?
0
 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18039898
In your button click, put something like

If CheckPassword(textBox1.text, textBox2.text) then
  Response.Redirect("secure page name")
else
  ' Do something here to display error message
end if
0
 

Author Comment

by:prowebinteractive
ID: 18041469
Return (cmd.ExecuteScalar Is System.DBNull.Value)   error connection must be valid and open
0
 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18041788
Yes... which is why the line right before that in my code was conn.Open()
0
 

Author Comment

by:prowebinteractive
ID: 18045156
i have conn.open()
0
 

Author Comment

by:prowebinteractive
ID: 18045166
copy and paste of what I have


    Function CheckPassword(ByVal userName As String, ByVal password As String) As Boolean

        Dim myConnectionString As String = "server=127.0.0.1;" _
                            & "uid=bdipasq_bruno;" _
                            & "pwd=bd4321le;" _
                            & "database=bdipasq;"
        Try
            Using conn As New MySql.Data.MySqlClient.MySqlConnection(myConnectionString)
                Using cmd As New MySql.Data.MySqlClient.MySqlCommand(String.Format("SELECT sysUserId FROM sysusers WHERE email='{0}' and sysPasswd='{1}'", userName, password))
                    conn.Open()
                    Return (cmd.ExecuteScalar Is System.DBNull.Value)
                End Using
            End Using
        Catch ex As MySql.Data.MySqlClient.MySqlException
            MessageBox.Show(ex.Message)
        End Try

    End Function
0
 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18045970
The command object needs the connection:

Using cmd As New MySql.Data.MySqlClient.MySqlCommand(String.Format("SELECT sysUserId FROM sysusers WHERE email='{0}' and sysPasswd='{1}'", userName, password), conn)
0
 

Author Comment

by:prowebinteractive
ID: 18046135
ok connection being made but Im entering the right information to login and Im not getting in

what is this doing   email='{0}' and sysPasswd='{1}
0
 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18046176
String.Format replaces each argument in {} with the arguments that follow... so
String.Format("SELECT sysUserId FROM sysusers WHERE email='{0}' and sysPasswd='{1}'", userName, password)
returns
SELECT sysUserId FROM sysusers WHERE email='<contents of userName variable>' and sysPasswd='<contents of password variable>'
0
 

Author Comment

by:prowebinteractive
ID: 18046202
but in actual fact shouldnt textbox1.text   and textbox2.text go here ?
0
 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18046252
Sort of...

This is a function...declared as:  Function CheckPassword(ByVal userName As String, ByVal password As String) As Boolean

This means that you pass it textBox1.Text and textBox2.Text as arguments. (Again, I encourage you to give these controls meaningful names.)

Like this:
If CheckPassword(textBox1.text, textBox2.text) then
  Response.Redirect("secure page name")
else
  ' Do something here to display error message
end if
0
 

Author Comment

by:prowebinteractive
ID: 18046303
k well for some reason or another Im not able to login...

something is not right somewhere
0
 
LVL 24

Accepted Solution

by:
Jeff Certain earned 500 total points
ID: 18046325
Put a break-point on conn.Open()

This will let you run cmd.ExecuteScalar manually (using the watch window) to see what it returns, as well as checking that the right user name and password made it through to the function.

You also need to put the NOT in the line below, as I mentioned previously:
Return NOT (cmd.ExecuteScalar Is System.DBNull.Value)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
vb.net winforms sizing/resolution? 4 42
Get month and date in a format 4 32
Access/Visual Basic Question 3 25
Access Schema 6 26
This article explains how to create and use a custom WaterMark textbox class.  The custom WaterMark textbox class allows you to set the WaterMark Background Color and WaterMark text at design time.   IMAGE OF WATERMARKS STEPS Create VB …
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question