-1

Can anyone help me with that? I am trying to connet but it didnt work.

Imports System.Data.SqlClient

Public Class Form2

    Public Property newForm As Object

    Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
        Me.Close()
    End Sub

    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click

        If (MsgBox("Vill Du fortsätta?", vbQuestion + vbYesNo, AppTitle) = MsgBoxResult.Yes) Then        
        End If

        If TextBox1Username.Text = "" Or String.IsNullOrEmpty(TextBox1Username.Text) Or
         TextBox2Password.Text = "" Or String.IsNullOrEmpty(TextBox2Password.Text) Then        
            Return
        End If        

        Dim form As New FormNewAccount()        
        Dim connection As New SqlConnection("server = C:\Users\Hassan Al-Shommary\Documents\Login.md; Trusted_Connection = True ")        
        Dim command As New SqlCommand("Select * from Login where" = (Username =' +  TextBox1Username.Text), connection)
        Dim command As New SqlCommand("Select * from Login where" = (Password =' +  TextBox2Password.Text), connection)

        command.Parameters.Add("@Username", SqlDbType.VarChar).Value = TextBox1Username.Text
        command.Parameters.Add("@password", SqlDbType.VarChar).Value = TextBox2Password.Text

        Dim adapter As New SqlDataAdapter(command)        
        Dim table As New DataTable()       

        If table.Rows.Count() <= 0 Then        
            MsgBox("Username or Password are Inavlid")        
        Else        
            MsgBox("Login Successfully")        
        End If        

        form.Show()
        Me.Hide()

    End Sub
jmcilhinney
  • 50,448
  • 5
  • 26
  • 46
Hassan Abdullah
  • 1
  • 1
    "I try to connect but it didn't work" is very abstract .Can you please post any errors or expand your question a little? – Alex Leo Sep 19 '19 at 06:42
  • 1
    "Select * from Login where" = (Username =' + TextBox1Username.Text), connection what's with the equals, and where did you close your single quote? checking if table has rows is not how you check if user and pass are correct, you check them in your db – OctaCode Sep 19 '19 at 06:55
  • SqlConnection connection = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=""C:\\Users\Hassan Al - Shommary\\Documents\\Data.mdf"";Integrated Security=True;Connect Timeout=30;"); SqlDataAdapter sda = new SqlDataAdapter("Select Count(*) From Login where Username='" + textBox1Username.Text + "' and Password='" + textBox2Password.Text + "' ",connection); DataTable dt = new DataTable(); sda.Fill(dt); if (dt.Rows.Count == 1) I get error message from sda.fill(dt). how can i fix that? – Hassan Abdullah Sep 19 '19 at 12:22
  • @HassanAbdullah What is the above comment? Looks like a weird hybrid of C# and vb.net. If it is meant to be an update to the code in your question then click the edit link and put it in your question. – Mary Sep 20 '19 at 09:01

1 Answers1

0

The code in your question not only will not work but will not even compile. You can't declare 2 variable with the same name in the same scope.

Dim command As New...
Dim command As New...

What is this about? Public Property newForm As Object If you want to declare a Form do it but don't type as Object.

String.IsNullOrEmpty covers the empty String "". Not necessary to check for both.

I will address the database code below but your code that validates the user with the row count at the end does not prevent the FormNewAccount from opening even for an invalid user. 

Private Sub OPCode()
    Dim count As Integer
    'Use Using...End Using blocks for your database objects so they will be closed and disposed.
    Using Connection As New SqlConnection("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\\Users\Hassan Al - Shommary\\Documents\\Data.mdf;Integrated Security=True;Connect Timeout=30;")
        'Don't retrieve data you don't need. All you need is Count and that can be retrieved with .ExecuteScalar
        Using command As New SqlCommand("Select Count(*) from Login where Username =@Username And Password = @Password;", Connection)
            command.Parameters.Add("@Username", SqlDbType.VarChar).Value = TextBox1Username.Text
            command.Parameters.Add("@Password", SqlDbType.VarChar).Value = TextBox2Password.Text
            Connection.Open()
            count = CInt(command.ExecuteScalar())
        End Using
    End Using
    If count <> 1 Then
        MessageBox.Show("Sorry, invalid login")
        Return
    Else
        MessageBox.Show("Successful login.")
        'Don't create an instance of the next form until you are sure you will need it.
        Dim form As New FormNewAccount()
        form.Show()
        Hide()
    End If
End Sub

And last but not least, NEVER store passwords as plain text. I will leave it to you to investigate salting and hashing of passwords.

Mary
  • 14,926
  • 3
  • 18
  • 27