Can you please tell me what's wrong with the code I'm using? Everytime I execute this, it throws the exception (Failed to connect to database)
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim conn As New System.Data.OleDb.OleDbConnection()
conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\socnet.accdb"
Dim sql As String = String.Format("INSERT INTO login VALUES('{username}','{password}','{secques}','{secans}')", txt_username.Text, txt_passwd.Text, txt_secquestion.Text, txt_secansw.Text)
Dim sqlCom As New System.Data.OleDb.OleDbCommand(sql)
'Open Database Connection
sqlCom.Connection = conn
conn.Open()
Dim icount As Integer = sqlCom.ExecuteNonQuery
MessageBox.Show(icount)
MessageBox.Show("Successfully registered..", "Success", MessageBoxButtons.OK, MessageBoxIcon.Error)
Catch ex As Exception
MessageBox.Show("Failed to connect to Database..", "Database Connection Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
cmd_submit2_Click(sender, e)
End If
End Sub
I am using Access 2013 and VS 2015 Community, if that helps. Thank you.
You should use a parameterized approach to your commands.
A parameterized query removes the possibility of Sql Injection and you will not get errors if your string values are not correctly formatted.
Note that if you don't do anything in the exception block then it is better to remove it and let the exception show itself or at least show the Exception.Message value, so you are informed of the actual error.
Finally every disposable object should be created with the Using statement that ensures a proper close and dispose of such objects (in particular the OleDbConnection)
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim sql As String = "INSERT INTO login VALUES(#name, #pass, #sec, #sw)"
Using conn = New System.Data.OleDb.OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\socnet.accdb")
Using sqlCom = New System.Data.OleDb.OleDbCommand(sql, conn)
conn.Open()
sqlCom.Parameters.Add("#name", OleDbType.VarWChar).Value = txt_username.Text
sqlCom.Parameters.Add("#pass", OleDbType.VarWChar).Value = txt_passwd.Text
sqlCom.Parameters.Add("#sec", OleDbType.VarWChar).Value = txt_secquestion.Text
sqlCom.Parameters.Add("#sw", OleDbType.VarWChar).Value = txt_secansw.Text
Dim icount As Integer = sqlCom.ExecuteNonQuery
End Using
End Using
End Sub
Keep in mind that omitting the field names in the INSERT INTO statement requires that you provide values for every field present in the login table and in the exact order expected by the table (So it is better to insert the field names)
For example, if your table has only the 4 known fields:
Dim sql As String = "INSERT INTO login (username, userpass, secfield, secfieldsw) " & _
"VALUES(#name, #pass, #sec, #sw)"
Related
I am creating a flashcard application where each user can create flashcards which will be specific to them. I was wondering how I can link each flashcard they create to their specific account.
Imports System.Data.OleDb
Public Class CreateFlashcards
Dim pro As String
Dim connstring As String
Dim command As String
Dim myconnection As OleDbConnection = New OleDbConnection
Private Sub btnCreateFlashcard_Click(sender As Object, e As EventArgs) Handles btnCreateFlashcard.Click
pro = "provider=microsoft.ACE.OLEDB.12.0;Data Source=flashcard login.accdb"
connstring = pro
myconnection.ConnectionString = connstring
myconnection.Open()
command = " insert into Flashcards ([Front],[Back]) values ('" & txtFront.Text & "','" & txtBack.Text & "')"
Dim cmd As OleDbCommand = New OleDbCommand(command, myconnection)
cmd.Parameters.Add(New OleDbParameter("username", CType(txtFront.Text, String)))
cmd.Parameters.Add(New OleDbParameter("password", CType(txtBack.Text, String)))
MsgBox("You have successfully added the flashcard into your deck!")
Try
cmd.ExecuteNonQuery()
cmd.Dispose()
myconnection.Close()
txtFront.Clear()
txtBack.Clear()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
End Class
This works in that it adds the data into the access database but it does not link to the users account. I have also linked the tables in access
The login table
The flashcard table
As you can see the loginID key does not link
Normally, the connection string for Access contains the the path to the database file for the Data Source attribute.
You will need to add a field to your Flashcard table to hold the UserID. This will tie the 2 tables together.
Database objects like connections and commands need to be disposed as well as closed. Using...End Using blocks handle this for you even if have an error. In this code you both the connection and the command are included in the same Using block.
You can pass the connection string directly to the constructor of the connection. Likewise, pass the sql command text and the connection to the constructor of the command.
When you are using parameters, which you should in Access and Sql Service, put the name of the parameter in the sql command text. It is not necessary to convert the Text property of a TextBox to a string. It is already a String.
I had to guess at the OleDbType for the parameters. Check your database. It is important to note that the order that parameters appear in the sql command text must match the order that they are added to the parameters collection. Access does not consider the name of the parameter, only the position.
I assume you can retrieve the user's ID when they log in to create flash cards. When the user logs in to use there flash cards you would do something like Select * From Flashcards Where LoginID = #UserID;.
Private Sub btnCreateFlashcard_Click(sender As Object, e As EventArgs) Handles btnCreateFlashcard.Click
Try
InsertFlashcard()
MsgBox("You have successfully added the flashcard into your deck!")
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
Private Sub InsertFlashcard()
Dim pro = "provider=microsoft.ACE.OLEDB.12.0;Data Source=Path to login.accdb"
Dim Command = " insert into Flashcards (LoginID, [Front],[Back]) values (#Id, #Front, #Back);"
Using myconnection As New OleDbConnection(pro),
cmd As New OleDbCommand(Command, myconnection)
cmd.Parameters.Add("#UserID", OleDbType.Integer).Value = ID
cmd.Parameters.Add("#Front", OleDbType.VarChar).Value = txtFront.Text
cmd.Parameters.Add("#Back", OleDbType.VarChar).Value = txtBack.Text
myconnection.Open()
cmd.ExecuteNonQuery()
End Using
End Sub
EDIT
As per comment by ADyson I have added code to retrieve ID. Of course in your real application you would be salting and hashing the password. Passwords should never be stored as plain text.
Private ID As Integer
Private Sub btnLogIn_Click(sender As Object, e As EventArgs) Handles btnLogIn.Click
Dim pro = "provider=microsoft.ACE.OLEDB.12.0;Data Source=Path to login.accdb"
Using cn As New OleDbConnection(pro),
cmd As New OleDbCommand("Select LoginID From login Where Username = #Username and Password = #Password;")
cmd.Parameters.Add("#Username", OleDbType.VarChar).Value = txtUserName.Text
cmd.Parameters.Add("#Password", OleDbType.VarChar).Value = txtPassword.Text
cn.Open()
Dim result = cmd.ExecuteScalar
If Not result Is Nothing Then
ID = CInt(result)
Else
MessageBox.Show("Invalid Login")
End If
End Using
End Sub
I can't understand why I can't connect with my SQL Server Express LocalDB. I keep getting in to trouble with my connection string. This is what I have tried:
Imports System.Data.OleDb
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim conString As String 'Connection string
Dim con As OleDbConnection 'Connecting to your database
Dim Command As OleDbCommand 'Query "What do you want in the database"
'conString = "PROVIDER=System.Data.SqlClient v4.0; Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\DatabaseInnlogging.mdf;Integrated Security=True"
'conString = "PROVIDER=SQLOLEDB; Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\DatabaseInnlogging.mdf;Integrated Security=True"
'conString = "PROVIDER=System.Data.SqlClient; Data Source=C:\Users\Bruker\source\repos\InnloggingFørsøkv1\InnloggingFørsøkv1\DatabaseInnlogging.mdf;Integrated Security=True"
'conString = "PROVIDER=Microsoft.Jet.OLEDB.4.0; Data Source=C:\Users\Bruker\source\repos\InnloggingFørsøkv1\InnloggingFørsøkv1\DatabaseInnlogging.mdf;Integrated Security=True"
'conString = "PROVIDER=System.Data.SqlClient v4.0; Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\DatabaseInnlogging.mdf;Integrated Security=True"
Try
con = New OleDbConnection(conString)
con.Open()
Command = New OleDbCommand("select * from LogInTable where UserID = ? and Password = ?", con)
Dim parm1 As OleDbParameter, parm2 As OleDbParameter
parm1 = Command.Parameters.Add("#UserID", OleDbType.VarChar)
parm2 = Command.Parameters.Add("#Password", OleDbType.VarChar)
parm1.Direction = ParameterDirection.Input
parm2.Direction = ParameterDirection.Input
parm1.Value = Me.TextBox1.Text
parm2.Value = Me.TextBox2.Text
Command.Connection.Open()
Dim reader As OleDbDataReader
If reader.Read = True Then
Me.DialogResult = DialogResult.OK
Else
MsgBox("Invalid UserID or Password")
End If
reader = Command.ExecuteReader
Catch ex As Exception
MessageBox.Show(ex.Message)
End Try
End Sub
I have tried several connection strings, but none is working.
But with the number 4, I got error
Multiple-step OLE DB operation generated errors.check each OLE DB status value
The others results in an error:
provider not recognized
My other attempt was with SqlClient:
Imports System.Data.SqlClient
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim myConn As SqlConnection
myConn = New SqlConnection("Initial Catalog=OutComes; Data Source=localhost;Integrated Security=SSPI;")
'"Data Source = (LocalDB) \ MSSQLLocalDB;AttachDbFilename=|DataDirectory|\DatabaseInnlogging.mdf;Integrated Security=True")
' "Data Source=localhost;Integrated Security=SSPI;")
'Create a Command object.
Dim myCmd As SqlCommand
myCmd = myConn.CreateCommand
myCmd.CommandText = "SELECT UserID, Password FROM LogInTable"
'Open the connection.
myConn.Open()
Dim results As String
Dim myReader As SqlDataReader
myReader = myCmd.ExecuteReader()
'Traverse the DataSet and Display in GUi for Example:
Do While myReader.Read()
results = results & myReader.GetString(0) & vbTab &
myReader.GetString(1) & vbLf
Loop
'Display results.
MsgBox(results)
' Close the reader and the database connection.
myReader.Close()
myConn.Close()
End Sub
My error here was:
System.Data.SqlClient.SqlException: 'A network-related or instance-specific error occurred while connecting to SQL Server. The server was not found or was not available. Verify that the instance name is correct and that SQL Server is configured to accept external connections. (provider: Named Pipes Provider, error: 40 - Unable to open a connection to SQL Server)
I have one table in my SQL Server database with two columns UserID and password.
I would be very grateful if someone could point me in the right direction here. I have read many post on the subject but cant seem to find where I go wrong. My main goal here is to connect with my database.
As you are new you can try some visual tools it can help you to see more clear, I suggest you to try this approach, it's a half way to your solution :
In your visual Studio :
Menu Tools
Connection to database
In the Dialog
Data Source : Microsoft SQL Server (sqlClient)
Server Name : ****
you should find your server here, select it, Else that's mean you have problem with your server installation
Authentification : Windows Authentification
as i see in your example your are not using SQL id so that's fine
Connection to database:
Select the Database that you already created, if nothing seen
that's mean you didn't created or you don't have rights to access
Then Click in button Test Connection
if success then click OK
Then go to your ToolBox
Data
DataGridView drop it in your form
select data source : in bottom you will see + Add the data source
click on it
You will have a Dialog, choose Database -> Dataset ->
choose you data connection
you should see a line in the combobox with your server name \ your Database.dbo
Check in the checkbox "Show the connection string saved in the application"
you will see clearly your connection string
Next -> Next > check Tables
Finish
If you stuck in some part let me know to clarify you by an Edit
First of all, THANK YOU :), I got it to work. But I still have som questions.
I started with a fresh project and made a local sqlDB with one table
with two columbs "UserID" and "Password".
I had one line in this table with "Admin" and "pass"
I did not use the table designer or add a datasource.
I followed your description to the letter and copied my connectionstring under tool connect...
That worked fine and I found the mdf file and was able to connect to it
Loaded the form with a datagrid and bound it to the datasource. It worked properly
Then I tried to connect to the DB under a new button manualy. I got this error message:
System.Data.SqlClient.SqlException:
'Cannot attach file 'C:\Users\Bruker\source\repos\Connect_v2\Connect_v2\bin\Debug\Database1.mdf'
as database 'OutComes
' because this file is already in use for database
'C:\USERS\BRUKER\SOURCE\REPOS\CONNECT_V2\CONNECT_V2\BIN\DEBUG\DATABASE1.MDF''
This was the class:
Imports System.Data.SqlClient
Public Class Form1
Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
'TODO: This line of code loads data into the 'Database1DataSet.LogInTable' table. You can move, or remove it, as needed.
Me.LogInTableTableAdapter.Fill(Me.Database1DataSet.LogInTable)
End Sub
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim myConn As SqlConnection
myConn = New SqlConnection("Initial Catalog=OutComes; Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database1.mdf;Integrated Security=True;Connect Timeout=30")
'Create a Command object.
Dim myCmd As SqlCommand
myCmd = myConn.CreateCommand
myCmd.CommandText = "SELECT UserID, Password FROM LogInTable"
'Open the connection.
myConn.Open()
Dim results As String
Dim myReader As SqlDataReader
myReader = myCmd.ExecuteReader()
'Traverse the DataSet and Display in GUi for Example:
Do While myReader.Read()
results = results & myReader.GetString(0) & vbTab &
myReader.GetString(1) & vbLf
Loop
'Display results.
MsgBox(results)
' Close the reader and the database connection.
myReader.Close()
myConn.Close()
End Sub
I tried to comment out the load event and It connected with the DB manualy. It worked :)
Imports System.Data.SqlClient
Public Class Form1
'Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
' 'TODO: This line of code loads data into the 'Database1DataSet.LogInTable' table. You can move, or remove it, as needed.
' Me.LogInTableTableAdapter.Fill(Me.Database1DataSet.LogInTable)
'End Sub
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim myConn As SqlConnection
myConn = New SqlConnection("Initial Catalog=OutComes; Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database1.mdf;Integrated Security=True;Connect Timeout=30")
'Create a Command object.
Dim myCmd As SqlCommand
myCmd = myConn.CreateCommand
myCmd.CommandText = "SELECT UserID, Password FROM LogInTable"
'Open the connection.
myConn.Open()
Dim results As String
Dim myReader As SqlDataReader
myReader = myCmd.ExecuteReader()
'Traverse the DataSet and Display in GUi for Example:
Do While myReader.Read()
results = results & myReader.GetString(0) & vbTab &
myReader.GetString(1) & vbLf
Loop
'Display results.
MsgBox(results)
' Close the reader and the database connection.
myReader.Close()
myConn.Close()
End Sub
End Class
This is great but I still wonder why I got the error message. Is it because the datagridview tableadapter holds a constanctly open connection to the DB. And is not possible to have multiple open connections at the same time ?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 3 years ago.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Improve this question
Private Sub btnHREmployeeInfoUpdate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnHREmployeeInfoUpdate.Click
provider = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source="
datafile = "C:\Users\Asus\Documents\Visual Studio 2008\Projects\WindowsApplication7\WindowsApplication7\Tea.accdb"
connString = provider & datafile
myconnection.ConnectionString = connString
'to update employee status ' not working
myconnection.Open()
Dim str As String
str = "update[HR_Employee_Details]set[Status]='" & cboHREmployeeInfoStatus.Text & "'Where[EmployeeID]='" & txtHREmployeeInfoNewEmployeeID.Text & "'"
Dim cmd As OleDbCommand = New OleDbCommand(str, myconnection)
Try
cmd.ExecuteNonQuery()
Catch ex As Exception
MsgBox("not updated", MsgBoxStyle.OkOnly, "Update fail")
End Try
MsgBox("Updated!", MsgBoxStyle.OkOnly, "Updated")
myconnection.Close()
End Sub
There are some really bad patterns in that code, and as so often happens just updating the code to use better practice will help find the underlying problem. You'll need to read the comments below to see exactly how:
'Isolate and group the DB access in it's own class, module, or class library.
'ALL access to the database in the application should run through here.
Public Module DB
'Move these out of the individual methods, so you don't
'have to repeat them everywhere
Private Readonly Property provider As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source="
Private Readonly Property datafile As String = "C:\Users\Asus\Documents\Visual Studio 2008\Projects\WindowsApplication7\WindowsApplication7\Tea.accdb"
Private Readonly Property connString As String = provider & datafile
'Each query gets its own public method in this module,
'but everything else should be marked Private
Public Sub UpdateEmployeeStatus(NewStatus As String, EmployeeID As Integer)
'Ole provider for ADO.Net uses ? As parameter placeholders.
'This string could be a CONSTANT!
Dim sql As String = "UPDATE [HR_Employee_Details] SET [Status]= ? WHERE [EmployeeID]= ?"
'The Using block will guarantee your connection is
'closed, even if an exception is thrown.
'The old code could have leaked connection objects
'when there were exceptions.
'Also, ADO.Net works **much** better when you
'create new connection objects for most queries.
Using conn As New OleDbConnection(connString), _
cmd As New OleDbCommand(sql, conn)
'I have to guess at parameter types here.
'You should change this to use exact types &
'lengths from the database.
'ADO.Net will figure out what value goes to
'what parameter based on the order of the
'placeholders in the sql string.
'These parameters are the ONLY correct
'way to include data in an sql command.
'Anything else leaves you open to sql injection.
cmd.Parameters.Add("?", OleDbType.VarWChar, 20).Value = NewStatus
'If this is not an integer, change it to correct type.
'But I wanted to be sure to show two different
'parameter types
cmd.Parameters.Add("?", OleDbType.Integer).Value = EmployeeID
'wait as long as possible to call Open
conn.Open()
cmd.ExecuteNonQuery()
End Using 'No need to call conn.Close() -- the Using block took care of it
End Sub
End Module
Private Sub btnHREmployeeInfoUpdate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnHREmployeeInfoUpdate.Click
'Exception handling can still live in the UI
Try
'Again: integer here is just to demonstrate a
'different parameter type.
'If your employee IDs really are strings, it's
'easy to remove this.
Dim EmployeeID As Integer = Integer.Parse(txtHREmployeeInfoNewEmployeeID.Text)
DB.UpdateEmployeeStatus(cboHREmployeeInfoStatus.Text, EmployeeID)
MsgBox("Updated!", MsgBoxStyle.OkOnly, "Updated")
Catch ex As Exception
'This is where your real problem was!
'This catch block hid the detail from the exception
'you would need to solve the problem!
'If you don't want to show this to the user, which
'is reasonable, you can at least log it somewhere.
'Once you see the exception message, it will probably
'be much clearer how to fix the issue.
MsgBox($"Error updating the database:{vbCrLf}{Ex.Message}", MsgBoxStyle.OkOnly, "Not Updated")
End Try
End Sub
But so you don't feel like the "good" code needs to be so much longer, here it is again with the comments removed. Especially note how clean the event handler method has become.
Public Module DB
Private Readonly Property provider As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source="
Private Readonly Property datafile As String = "C:\Users\Asus\Documents\Visual Studio 2008\Projects\WindowsApplication7\WindowsApplication7\Tea.accdb"
Private Readonly Property connString As String = provider & datafile
Public Sub UpdateEmployeeStatus(NewStatus As String, EmployeeID As Integer)
Dim sql As String = "UPDATE [HR_Employee_Details] SET [Status]= ? WHERE [EmployeeID]= ?"
Using conn As New OleDbConnection(connString), _
cmd As New OleDbCommand(sql, conn)
cmd.Parameters.Add("?", OleDbType.VarWChar, 20).Value = NewStatus
cmd.Parameters.Add("?", OleDbType.Integer).Value = EmployeeID
conn.Open()
cmd.ExecuteNonQuery()
End Using
End Sub
End Module
Private Sub btnHREmployeeInfoUpdate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnHREmployeeInfoUpdate.Click
Try
Dim EmployeeID As Integer = Integer.Parse(txtHREmployeeInfoNewEmployeeID.Text)
DB.UpdateEmployeeStatus(cboHREmployeeInfoStatus.Text, EmployeeID)
MsgBox("Updated!", MsgBoxStyle.OkOnly, "Updated")
Catch ex As Exception
MsgBox($"Error updating the database:{vbCrLf}{Ex.Message}", MsgBoxStyle.OkOnly, "Not Updated")
End Try
End Sub
I wanna create a txt file that stores the Username, Password, Date & Time, and User Type when "Log In" button is pressed. But all I know is how to create a txt file. Can anyone help me? Here's my code for my Log In button:
Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
Dim username As String = ""
Dim password As String = ""
Dim cn As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;" & "Data Source=D:\Library Management System\LMS_Database.accdb")
Dim cmd As OleDbCommand = New OleDbCommand("SELECT ID_Number FROM Users WHERE ID_Number = '" & txtUsername.Text & "' AND ID_Number = '" & txtPassword.Text & "'", cn)
cn.Open()
Dim dr As OleDbDataReader = cmd.ExecuteReader()
If (dr.Read() = True And cboUserType.Text = "Student") Then
MsgBox("Welcome!", MsgBoxStyle.OkOnly, "Successfully logged in.")
frmViewBooks.Show()
txtUsername.Clear()
txtPassword.Clear()
cboUserType.SelectedIndex = -1
Me.Hide()
Else
If (txtUsername.Text = "admin" And txtPassword.Text = "ckclibraryadmin" And cboUserType.Text = "Administrator") Then
MsgBox("Welcome, admin!", MsgBoxStyle.OkOnly, "Successfully logged in.")
frmAdminWindow.Show()
txtUsername.Clear()
txtPassword.Clear()
cboUserType.SelectedIndex = -1
Me.Hide()
Else
MsgBox("Your username or password is invalid. Please try again.", MsgBoxStyle.OkOnly, "Login failed.")
txtUsername.Clear()
txtPassword.Clear()
cboUserType.SelectedIndex = -1
End If
End If
End Sub
I'd be getting the Date and Time value from my timer.
Private Sub frmLogIn_Load(sender As Object, e As EventArgs) Handles MyBase.Load
tmrLogIn.Start()
End Sub
Private Sub tmrLogIn_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles tmrLogIn.Tick
lblTime.Text = DateTime.Now.ToString()
End Sub
Thank you!
There are a few things that I'd like to point out to maybe help you later on down the road. Data object generally implement iDisposable, it is a good idea to either wrap them in Using statements or dispose of them manually. Also, it is generally a good idea to wrap any database code into a Try/Catch exception handler because something can go wrong at any point you're trying to access outside data. Also, it is always a good idea to parameterize your query. Finally, you are only wanting to validate that a row is returned from your SQL statement, so your SQL statement should instead return the number of rows returned and then you can use the ExecuteScalar to get that one value returned.
With all of that out of the way, all you would need to do is append a line to a text file using the IO.File.AppendAllLines method using the data you already have if the login was validated.
Here is an example of implementing everything I suggested:
'Declare the object to return
Dim count As Integer = -1
'Declare the connection object
Dim con As OleDbConnection
'Wrap code in Try/Catch
Try
'Set the connection object to a new instance
con = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;" & "Data Source=D:\Library Management System\LMS_Database.accdb")
'Create a new instance of the command object
'TODO: If [Username] and [Password] are not valid columns, then change them
Using cmd As OleDbCommand = New OleDbCommand("SELECT Count([ID_Number]) FROM [Users] WHERE [Username] = #username AND [Password] = #password", con)
'Parameterize the query
With cmd.Parameters
.AddWithValue("#username", txtUsername.Text)
.AddWithValue("#password", txtPassword.Text)
End With
'Open the connection
con.Open()
'Use ExecuteScalar to return a single value
count = Convert.ToInt32(cmd.ExecuteScalar())
'Close the connection
con.Close()
End Using
If count > 0 Then
'Append the data to the text file
'TODO: Change myfilehere.txt to the desired file name and location
IO.File.AppendAllLines("myfilehere.txt", String.Join(",", {txtUsername.Text, txtPassword.Text, DateTime.Now, cboUserType.Text}))
'Check if it is a student or admin
If cboUserType.Text = "Student" Then
'Inform the user of the successfull login
MessageBox.Show("Welcome!", "Login Successfull", MessageBoxButtons.OK)
frmViewBooks.Show()
ElseIf cboUserType.Text = "Administrator" Then
'Inform the admin of the successfull login
MessageBox.Show("Welcome, admin!", "Login Successfull", MessageBoxButtons.OK)
frmAdminWindow.Show()
End If
'Reset and hide the form
txtUsername.Clear()
txtPassword.Clear()
cboUserType.SelectedIndex = -1
Me.Hi
Else
'Inform the user of the invalid login
MessageBox.Show("Invalid username and/or password. Please try again.", "Invalid Login", MessageBoxButtons.OK)
End If
Catch ex As Exception
'Display the error
Console.WriteLine(ex.Message)
Finally
'Check if the connection object was initialized
If con IsNot Nothing Then
If con.State = ConnectionState.Open Then
'Close the connection if it was left open(exception thrown)
con.Close()
End If
'Dispose of the connection object
con.Dispose()
End If
End Try
Your goal can be achieved in many ways.For example,you can create an access/sql/mysql database to store the required information.But if u want to use a textfile instead,you can store Username,password and other details on seperate lines.Then you can read each line from the text file and use it the way you want.So,which one u prefer? a database or text file? leave a comment and i'lll add the codes/instructions depending on your choice
Getting Error While Updating Record.
Firs of all i select a row from Datagrid then selected row's values displayed to textbox then i click update button to update record.
After entered New usename and password click save Buton then getting error as follow.
ERROR
system.data.oledb.oledbException(0x80040e14):syntax error in UPDATE statement.
at
system.data.oledb.oledbCommand.executeCommandTextErrorHandling(Oledb Hresult hr)
at
System.data.Oledb.OledbCommand.ExecutecommandTextforSingleResult(tagDBPARAMS dbParams, Object& executeResult)
at
System.data.Oledb.OledbCommand.Executecommand(CommandBehavior Behavior, String method)
at System.data.Oledb.OledbCommand.ExecuteNonQuery()
at Nakul.frmusers.cmdsave_click(object sender, EventArgs e)in
E:\kul....\frmusers.vb:line 152
Note : I did not want to update the userid.
Data.accdb // Access File Name
table Name : users
Design View: userid Number // primary key
username text
password text
Imports System.Data
Imports System.Data.OleDb
public class users
Dim str As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\kul\Data.accdb;Persist Security Info=False;"
Private Sub cmdSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSave.Click
Dim conn As New OleDbConnection(str)
Dim qry As New OleDbCommand("update users set username='" & txtusername.Text & "', password='" & txtpassword.Text & "' where userid=" & txtuserid.Text, conn)
Try
conn.Open()
qry.ExecuteNonQuery() // Error Line No 152 in Coading
conn.Close()
MsgBox("Record Updated")
Catch ex As Exception
MsgBox(ex.ToString)
End Try
End Sub
End class
The main reason for the Syntax error is the word PASSWORD. It is a reserved keyword in Access and thus you need to encapsulate it with square brackets
Said that, you need to change you query and use a parameterized approach and not a string concatenation. Building your query concatenating strings could be another source of syntax errors (a user name that contains a single quote?) and open the door to sql injection attacks
Private Sub cmdSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSave.Click
dim query = "update users set username=?, [password]=? where userid=?"
Using conn = new OleDbConnection(str)
Using qry = New OleDbCommand(query, conn)
qry.Parameters.AddWithValue("#p1",txtusername.Text )
qry.Parameters.AddWithValue("#p2",txtpassword.Text )
qry.Parameters.AddWithValue("#p3",Convert.ToInt32(txtuserid.Text))
conn.Open()
qry.ExecuteNonQuery()
conn.Close()
MsgBox("Record Updated")
End Using
End Using
End Sub
Also note the using statement that ensure the correct closing and disposing of the connection and the command.