VS 2010 - VB Login Query returning one row all the time

SQLConPPI.SQLDSPPI.Tables.Count  is always returning one row, so I cannot see an invalid login - someone said I should be querying the data fill - I just dont know what to do?!!?

      Dim strLogin As New System.Text.StringBuilder
            strLogin.Append("Select * from [PD_MA_USERS] where username = '")
            strLogin.Append(Me.txtUserName.Text)
            strLogin.Append("' and password = '")
            strLogin.Append(Me.txtPassword.Text)
            strLogin.Append("'")
            MessageBox.Show(strLogin.ToString())
 
            'strLogin.Append(strLogin.ToString())
            If SQLConPPI.HasConnection = True Then
                SQLConPPI.PersonelForAssignment(strLogin.ToString)
                MsgBox(Str(SQLConPPI.SQLDSPPI.Tables.Count))
                If SQLConPPI.SQLDSPPI.Tables.Count > 0 Then
                    Dim Open_Main_PD As Form = Main_PD
 
                    Me.Visible = False
                    Open_Main_PD.ShowDialog()
                    Exit Sub
                Else
                    MessageBox.Show("Login credentials incorrect")
                End If
            End If

Open in new window

ralphp1355Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

chaauCommented:
First of all, your query is prone to the SQL injection.
If I type this string as the user name and type 1 as a password your query will let me in:
a' or 1=1;--

Open in new window

(you can test once you fix your problems)

Now, to your problem. The SQLConPPI.SQLDSPPI.Tables is most likely a collection of tables. You need to check the SQLConPPI.SQLDSPPI.Tables(0), as it is most likely will be the one that is filled with data. I do not know the code inside your PersonelForAssignment function, I just assume it. So, you need to test like this:
If SQLConPPI.SQLDSPPI.Tables.Count > 0 AndAlso SQLConPPI.SQLDSPPI.Tables(0).Rows.Count > 0 Then

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ralphp1355Author Commented:
Great thank you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.