ArchAngel Posted May 12, 2005 Posted May 12, 2005 Hi Guys, I got a slight problem that could be very funny but i need help and fast. I am trying to create a logon page that takes the logon credential from a database but once i am using the multiple parameters the code does not check the parameters and just logs on even with wrong details....... This is the code for select statement Me.OleDbSelectCommand1.CommandText = "SELECT USERNAME, PASSWORD, GROUPTYPE FROM DBUSERS WHERE (PASS" & _ "WORD = ?) AND (USERNAME = ?)" Me.OleDbSelectCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("USERNAME", System.Data.OleDb.OleDbType.VarChar, 20, "USERNAME")) Me.OleDbSelectCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("PASSWORD", System.Data.OleDb.OleDbType.VarChar, 20, "PASSWORD")) Me.OleDbSelectCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("GROUPTYPE", System.Data.OleDb.OleDbType.VarChar, 20, "GROUPTYPE")) This is the text retrieval and fill code OleDbDataAdapter1.SelectCommand.Parameters("USERNAME").Value = txtusername.Text OleDbDataAdapter1.SelectCommand.Parameters("PASSWORD").Value = txtPwd.Text OleDbDataAdapter1.SelectCommand.Parameters("GROUPTYPE").Value = gptype.Text Login21.Clear() Try OleDbDataAdapter1.Fill(Login21) Catch ex As Exception MessageBox.Show("Logon Failed", "Logon Error") End Try what am i doing wrong? i have to present this application at Uni tomorrow help!!!!!!!!!!!!!!!!!!!!! :o :o :o :o Quote
Machaira Posted May 12, 2005 Posted May 12, 2005 I don't see where you have GROUPTYPE in the WHERE clause in your query so why have a parameter for it. Quote Here's what I'm up to.
Administrators PlausiblyDamp Posted May 12, 2005 Administrators Posted May 12, 2005 You do not appear to be checking if the password etc. was valid anywhere in the above code - or rather you do not appear to be checking if the Login21 object has any data in it. Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
ArchAngel Posted May 12, 2005 Author Posted May 12, 2005 I don't see where you have GROUPTYPE in the WHERE clause in your query so why have a parameter for it. It was ommited when i was testing to see if that was the error but i do have it in the code that is not working Quote
ArchAngel Posted May 12, 2005 Author Posted May 12, 2005 OleDbDataAdapter1.Fill(Login21) That handles your question Quote
Administrators PlausiblyDamp Posted May 12, 2005 Administrators Posted May 12, 2005 That shows you are putting data somewhere, it does not show that you are looking to see what you got back or even if anything was returned. Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
ArchAngel Posted May 12, 2005 Author Posted May 12, 2005 The fill command fills the data into other column that are invisible on the form. the querry only returns the first parameter value and not the rest also it does not catch the exception when it cant find the data to use to fill Quote
Administrators PlausiblyDamp Posted May 12, 2005 Administrators Posted May 12, 2005 If no data is found it will not result in an exception, if you want to check that there is no match you need to check the data that is being returned. Exceptions are only used to signal error (or exceptional) conditions. Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.