syntax error (missing operator) two user in login form - vba

Syntax error (missing operator) in query expression 'Username ='admin' [Password] ='admin' AND AccountType = Admin''.
Dim conn As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Jen\Documents\Jade\vb\database.accdb")
txtAdmin.Text = "Admin"
Dim strsql As New OleDbCommand("select * from Login where Username ='" & txtUsername.Text & "' [Password] ='" & txtPassword.Text & "' AND AccountType = Admin'", conn)
Dim uu As New OleDbParameter("UserName", txtUsername.Text)
Dim pp As New OleDbParameter("Password", txtPassword.Text)
strsql.Connection.Open()
Dim reader As OleDbDataReader
reader = strsql.ExecuteReader
If reader.HasRows Then
strsql.Connection.Close()
MsgBox(" Successfully Logged in!", vbInformation)
frmIndex.Show()
desktopFade.Close()
ElseIf txtUsername.Text = "" And txtPassword.Text = "" Then
MsgBox("Don't leave the fields blank", vbCritical)
txtUsername.Focus()
Else
MsgBox("Your Username or Password is invalid", MsgBoxStyle.Critical)
Me.txtUsername.Text = ""
Me.txtPassword.Text = ""
Me.txtUsername.Focus()
strsql.Connection.Close()
End If
I have 2 users in the database: the admin and the user. If the username and password account type is Admin, then the ADMIN account shows, while if the username and password input is for the user, then the USER account shows. In my code, I'm trying to solve the admin first, but I need everyone's help. T.T

You are missing an "AND" here:
'" & txtUsername.Text & "' [Password] ='"
Should be
'" & txtUsername.Text & "' AND [Password] ='"

Related

Using case-sensitive SELECT query for login module

I am developing a Windows Forms application using VB.NET in VS10 with user management. I am using the following code when a user tries to log in:
Try
Dim sel As String
sel = "SELECT uid, name, loginid, password, type FROM user_master WHERE loginid = '" & UsernameTextBox.Text & "' AND password = '" & PasswordTextBox.Text & "'"
Dim cnn As New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\RSMS_DB.mdf;Integrated Security=True;User Instance=True")
Dim da As New SqlDataAdapter(sel, cnn)
Dim ds As New DataSet()
da.Fill(ds)
If ds.Tables(0).Rows.Count = 0 Then
MsgBox("Wrong Username and Password Combination!", MsgBoxStyle.Critical, "Login Failed")
Else
current_uid = ds.Tables(0).Rows(0)(0)
current_name = ds.Tables(0).Rows(0)(1)
current_loginid = ds.Tables(0).Rows(0)(2)
current_password = ds.Tables(0).Rows(0)(3)
current_type = ds.Tables(0).Rows(0)(4)
MsgBox("Welcome '" & ds.Tables(0).Rows(0)(1) & "'!", MsgBoxStyle.OkOnly, "Login Successful")
Dim upd = "UPDATE user_master SET lastlogin = '" & System.DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss") & "' WHERE uid = " & current_uid & ""
Dim cmd As New SqlCommand(upd, cnn)
cnn.Open()
cmd.ExecuteNonQuery()
If checkboxLoginState.Checked = True Then
cmd.CommandText = "INSERT INTO login_state VALUES('" & current_uid & "', '" & current_name & "', '" & current_loginid & "', '" & current_password & "', '" & current_type & "')"
cmd.ExecuteNonQuery()
End If
cnn.Close()
load_user_permissions(current_uid) 'DISABLING OPTIONS ACCORDING TO USER RIGHTS
Me.Close()
End If
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, "Database Error")
End Try
All I want to ask is if it is the right method? Is the SELECT Query case sensitive by default?
The SQL Keywords are case-insensitive (SELECT, FROM, WHERE, etc), but are often written in all caps. However in some setups table and column names are case-sensitive. Usually case-sensitive table and column names are the default. If you want to change it then you can change it in a function of the database's collation settings.
Source - And this could also be helpful for you.
If security is important to you then you should hash the passwords - do not save passwords as plain text! You should check out the library libsodium.

Connection is not closed (vb)

Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
Dim conn As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Jen\Documents\Jade\vb\database.accdb")
txtAdmin.Text = "Admin"
Dim strsql As New OleDbCommand("select * from Account where Username ='" & txtUsername.Text & "' AND [Password] ='" & txtPassword.Text & "' AND AccountType = '" & txtAdmin.Text & "'", conn)
Dim strsql2 As New OleDbCommand("select * from Account where Username ='" & txtUsername.Text & "' AND [Password] ='" & txtPassword.Text & "' AND AccountType = '" & txtStudent.Text & "'", conn)
Dim uu As New OleDbParameter("UserName", txtUsername.Text)
Dim pp As New OleDbParameter("Password", txtPassword.Text)
strsql.Connection.Open()
strsql2.Connection.Open()
Dim reader As OleDbDataReader
reader = strsql.ExecuteReader
Dim reader2 As OleDbDataReader
reader2 = strsql2.ExecuteReader
If reader.HasRows Then
strsql.Connection.Close()
MsgBox(" Welcome Admin!", vbInformation)
frmIndex.Show()
desktopFade.Close()
ElseIf reader2.HasRows Then
strsql2.Connection.Close()
MsgBox(" Welcome Student!", vbInformation)
frmReg.Show()
desktopFade.Close()
ElseIf txtUsername.Text = "" And txtPassword.Text = "" Then
MsgBox("Don't leave the fields blank", vbCritical)
txtUsername.Focus()
Else
MsgBox("Your Username or Password is invalid", MsgBoxStyle.Critical)
Me.txtUsername.Text = ""
Me.txtPassword.Text = ""
Me.txtUsername.Focus()
strsql.Connection.Close()
strsql2.Connection.Close()
End If
The error here is at strsql2.Connection.Open() <--- it says that the connection is not closed; it is still open.
I edited your question because you tagged it VBA and this is VB.NET
You have several problems with your code.
You should add error trapping with Try/Catch, and your connection is not always closed.
To fix only the actual issue, test whether the connection is open before trying to open it:
If strsql2.Connection.State = ConnectionState.Open Then
Console.WriteLine("Connection already open, closing it")
strsql2.Connection.Close()
End If
strsql2.Connection.Open()
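An added example, not code from the thread: in the question both commands are built on the same conn object, so the second Open() hits a connection that is already open, and both queries splice the text boxes into the SQL. The sketch below runs one parameterized query that returns AccountType and lets Using close everything; the connection string and the module and function names are assumptions.

```vbnet
Imports System.Data.OleDb

Public Module AccountLookup
    ' Assumed connection string: point Data Source at your own .accdb file.
    Private Const ConnStr As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\database.accdb"

    ' Returns the AccountType of the matching row, or Nothing when no row
    ' matches. Compares the stored value directly, as the page's schema does.
    Public Function GetAccountType(userName As String, password As String) As String
        ' Placeholders keep the text-box values out of the SQL text, so a quote
        ' typed into the form is treated as data and cannot change the query.
        ' OleDb binds parameters by position: the first ? takes the first
        ' parameter added, whatever name it is given.
        Const sql As String =
            "SELECT AccountType FROM Account WHERE Username = ? AND [Password] = ?"

        ' Using closes the connection and command on every path, including
        ' exceptions, so there is never a second Open() on a live connection.
        Using conn As New OleDbConnection(ConnStr)
            Using cmd As New OleDbCommand(sql, conn)
                cmd.Parameters.Add("@user", OleDbType.VarWChar, 255).Value = userName
                cmd.Parameters.Add("@pass", OleDbType.VarWChar, 255).Value = password
                conn.Open()
                Dim result As Object = cmd.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then Return Nothing
                Return CStr(result)
            End Using
        End Using
    End Function
End Module
```

In btnLogin_Click, check for blank fields first, then call GetAccountType once and branch on the result: frmIndex for "Admin", frmReg for the student role, and the invalid-credentials message when it returns Nothing.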

Selecting radiobuttons from database?

I would like my database to also select radiobuttons from my access database. However whenever I try running my program and providing the needed information, an error shows up
" Error:Syntax error in string in query expression 'username=asjjm'
AND password = 'ksjadklf' AND facultymember = 'False' AND student =
'False. "
I don't really understand errors like that because I'm only a beginner. Can someone tell me what's wrong? Thank you very much.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
' Check if username or password is empty
If TxtPassword.Text = "" Or TxtUsername.Text = "" Then
MessageBox.Show("Please complete the required fields.", "Authentication Error!", MessageBoxButtons.OK, MessageBoxIcon.Error)
Else
' Both fields was supply
' Check if user exist in database
' Connect to DB
Dim conn As New System.Data.OleDb.OleDbConnection()
conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Thesis\Thesis\Database2.accdb"
Try
'conn.Open()
'MsgBox("Susscess")
Dim sql As String = "SELECT * FROM tbl_user WHERE username='" & TxtUsername.Text & "' AND password = '" & TxtPassword.Text & "' AND facultymember = '" & RadioButton1.Checked & "' AND student ='" & RadioButton2.Checked '""
Dim sqlCom As New System.Data.OleDb.OleDbCommand(sql)
'Open Database Connection
sqlCom.Connection = conn
conn.Open()
Dim sqlRead As System.Data.OleDb.OleDbDataReader = sqlCom.ExecuteReader()
If sqlRead.Read() Then
MainStud.Show()
Me.Hide()
Else
' If user enter wrong username and password combination
' Throw an error message
MessageBox.Show("Username, Password, and Account Type do not match!", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
'Clear all fields
TxtPassword.Text = ""
TxtUsername.Text = ""
'Focus on Username field
TxtUsername.Focus()
conn.Close()
End If
Catch ex As Exception
MessageBox.Show("Error:" & ex.Message)
End Try
End If
End Sub
*Edit
I did exactly what @chepe263 said and got two new errors.
End of statement expected
'System.Data.Sql' is a namespace and cannot be used as an expression.
What's causing these? Note* I made the radiobuttons to indicate choices whether the user is logging in on an account as a faculty member or student.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
' Check if username or password is empty
If TxtPassword.Text = "" Or TxtUsername.Text = "" Then
MessageBox.Show("Please complete the required fields.", "Authentication Error!", MessageBoxButtons.OK, MessageBoxIcon.Error)
Else
' Both fields was supply
' Check if user exist in database
' Connect to DB
Dim conn As New System.Data.OleDb.OleDbConnection()
conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Thesis\Thesis\Database2.accdb"
Try
'conn.Open()
'MsgBox("Susscess")
Dim facultyMemberName As String
Dim rbdtext As String
If RadioButton1.Checked Then
facultyMemberName = RadioButton1.Text
End If
If RadioButton2.Checked Then
rbdtext = RadioButton2.Text
End If
Dim sql As String = "SELECT * FROM tbl_user WHERE username='" & TxtUsername.Text & "' AND password = '" & TxtPassword.Text & "' AND facultymember = '" & facultyMemberName & "' AND student ='" & rbdtext """
Dim sqlCom As New System.Data.OleDb.OleDbCommand(Sql, conn)
'Open Database Connection
sqlCom.Connection = conn
conn.Open()
Dim sqlRead As System.Data.OleDb.OleDbDataReader = sqlCom.ExecuteReader()
If sqlRead.Read() Then
MainStud.Show()
Me.Hide()
Else
' If user enter wrong username and password combination
' Throw an error message
MessageBox.Show("Username and Password do not match!", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
'Clear all fields
TxtPassword.Text = ""
TxtUsername.Text = ""
'Focus on Username field
TxtUsername.Focus()
conn.Close()
End If
Catch ex As Exception
MessageBox.Show("Error:" & ex.Message)
End Try
End If
End Sub
Edit* Still not over this. Tried every possible solution but still shows errors. Sorry if it could get so confusing. I'm just a beginner.
Try something like this:
If RadioButton1.Checked Then
rbdtext = RadioButton1.Text
ElseIf RadioButton2.Checked Then
rbdtext = RadioButton2.Text
Else
rbdtext = RadioButton3.Text
End If
then your SQL Statement
Dim sql As String = "SELECT * FROM tbl_user WHERE username='" & TxtUsername.Text & "' AND password = '" & TxtPassword.Text & "' AND facultymember = '" & rbdtext & "' AND student ='" & rbdtext & "'"
Declare a new variable inside the Button Click's Private Sub:
Dim facultyMemberName As String
Do what Parth Akbari suggests
If RadioButton1.Checked Then
facultyMemberName = RadioButton1.Text
End If
(Repeat for as many radio buttons you have)
Then place the right variable name and fix the end of your string (the single quote is before the double quote and it makes it a comment, no good)
Dim sql As String = "SELECT * FROM tbl_user WHERE username='" & TxtUsername.Text & "' AND password = '" & TxtPassword.Text & "' AND facultymember = '" & facultyMemberName & "' AND student ='" & rbdtext & "'"
Tips (just opinions)
Try using a ListBox or ComboBox instead of RadioButtons since you are listing names of people. You could do something like
facultyMemberName = lstFacultyName.SelectedItem.Text
Try placing your sql query in a textbox, copy it and run it with your favorite SQL manager. You can detect potential errors that way.
Try using parameters instead of concatenating values into a string.

Syntax Error when Using Database Info in Visual Studio

I've been trying to implement a login page where a user enters their username and password and the entered username and password are compared with those in a data table. If the username and password match a message appears saying it was successful.
I've been trying to run the code, but I keep getting a syntax error. I get the following message in visual studio:
An unhandled exception of type System.Data.OleDb.OleDbException occurred in System.Data.dll
Additional information: Syntax error (missing operator) in query expression 'User ID = 'jtenori1' AND [Password] = '''.
Code is included... Please let me know if you need more info and I appreciate the help in advance!
Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
Dim LoginID, Password As String
LoginID = txtLoginID.Text
Password = txtPassword.Text
Dim con As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\person\Desktop\experiment\class\Project\Project41\Project41\project41.accdb")
con.Open()
Dim cmd As OleDbCommand = New OleDbCommand("SELECT * FROM UserInfo WHERE User ID = '" & txtLoginID.Text & "' AND [Password] = '" & txtPassword.Text & "' ", con)
Dim sdr As OleDbDataReader = cmd.ExecuteReader()
If (sdr.Read() = True) Then
MessageBox.Show("Successfully Logged In")
txtLoginID.Enabled = False
txtPassword.Enabled = False
Else
txtLoginID.Text = ""
txtPassword.Text = ""
MessageBox.Show("Invalid User ID or Password")
End If
End Sub
If you have a User ID column then you must enclose it in brackets: [User ID].
Dim cmd As OleDbCommand = New OleDbCommand("SELECT * FROM UserInfo WHERE [User ID] = '" & txtLoginID.Text & "' AND [Password] = '" & txtPassword.Text & "' ", con)
OR
Cross check column name used in the query with reference to name in database.
NOTE: It is highly recommended to use parameterized query.

How to Update Password

I'm trying to change a password. Can you look at this and tell me what's wrong? Sometimes I get a syntax error in the UPDATE statement, or even when it is working the password doesn't change in the database. Here's my code:
Dim sqlquery As String = "UPDATE tblLogin SET pword = ? WHERE pword = '" & txtnewpass.Text & "' "
Dim sqlcmd As New OleDbCommand(sqlquery, con)
sqlcmd.Parameters.AddWithValue("@pword", txtnewpass.Text)
con.Open()
sqlcmd.ExecuteNonQuery()
con.Close()
MessageBox.Show("Your password has been changed", "Change Password", MessageBoxButtons.OK, MessageBoxIcon.Information)
Thank you for your help
I don't know VB and VB SQL syntax by heart, but a quick look at your code shows that there are at least two mistakes.
"UPDATE tblLogin SET pword = ?
should be
"UPDATE tblLogin SET pword = @pword
The
WHERE pword = '" & txtnewpass.Text & "' "
should be
WHERE pword = '" & txtoldpass.Text & "' "
Or make it with @param as well. You are trying to change a password which doesn't exist yet.
Besides that, passwords should be encrypted in the database, and you shouldn't match (where clause) just by password. What if 2 users have the same password? You will change both users' passwords ;)