Debugging pains - VS2017 - VBForums

Thread: Debugging pains - VS2017

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Jun 2014
    Posts
    464

    Debugging pains - VS2017

    I am attempting to debug the following code (logon.aspx.vb) in my Web forms project:

    Code:
      Private hashed As String
    
        Protected Function Authenticate(strEmailValue As String, hashedValue As String) As Boolean
    
            'strEmailValue is the unknown email variable
            'hashedValue is the unknown password variable
            'strEmailTextBox is the ID of the email textbox field in my aspx file
            'passwordTextBox is the ID of the password textbox field in my aspx file
            'strEmail is the name of the email column in my MS Access database
    
            Using connection As OleDbConnection = New OleDbConnection(System.Configuration.ConfigurationManager.ConnectionStrings("students").ConnectionString)
    
                Dim cmdText As String = "SELECT COUNT(strEmail) FROM university WHERE strEmail = '" & strEmailValue & "' AND hashed = '" & hashedValue & "'"
    
                Dim cmd As New OleDbCommand(cmdText, connection)
    
                 connection.Open()
    
                Dim result As Integer = cmd.ExecuteScalar
    
                connection.Close()
    
                Return result > 0
    
            End Using
    
        End Function
    while following a couple of tutorials, including this one:

    https://web.stanford.edu/class/archi...l%20Studio.pdf

    I place a breakpoint here to help me identify why any registered user with a valid email address and valid hashed password in my database columns, cannot log-on:

    Code:
    Protected Function Authenticate(strEmailValue As String, hashedValue As String) As Boolean
    and get a Warning:

    Unable to update auto-refresh reference 'aspnet.scriptmanager.jquery.dll'.
    Cannot find assembly 'C:\Users\Steve\Documents\Visual Studio 2017\DimaWeb\Projects\DimaFinal\packages\AspNet.ScriptManager.jQuery.1.8.2\lib\net40\AspNet.ScriptManager.jQuery.dll'.
    DimaWeb C:\Users\Steve\Documents\Visual Studio 2017\DimaWeb\DimaWeb\bin\aspnet.scriptmanager.jquery.dll.refresh
    I have asked about that in VS Community forum because the files VS tells me are missing, are not missing at all.

    Nothing is highlighted by a yellow arrow to the left of that line when I go to Debug | Start Debugging. I can't see what possible value this has in resolving the 'log-in denied' error that I am getting, so I remove my breakpoint and put one on this line:

    Code:
    Using connection As OleDbConnection = New OleDbConnection(System.Configuration.ConfigurationManager.ConnectionStrings("students").ConnectionString)
    I press Debug | Start Debugging again, and this time a yellow spot to the left of that line appears, but quickly disappears and returns to its usual red spot, but it tells me that the line cannot be 'hit' because no symbols are loaded. At this point, I wonder what is going on.
    Underneath that line of code, I have:

    Code:
    Dim cmdText As String = "SELECT COUNT(strEmail) FROM university WHERE strEmail = '" & strEmailValue & "' AND hashed = '" & hashedValue & "'"
    I have removed the square brackets around 'hashed' that I had previously because it is not a reserved word, and another icon appears to the left with the following suggestions:

    [Attached image: Constant.jpg]

    What am I doing wrong, please?

    Thank you.

  2. #2
    .NUT jmcilhinney's Avatar
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    101,994

    Re: Debugging pains - VS2017

    The last point is only a matter of style and you're not doing anything technically wrong. You're seeing that because it is not considered best practice to explicitly concatenate multiple Strings together like that, especially when some of them are literals. The last option is the one you would take, if you were to take any of them. That would change the code to use string interpolation, which is basically a language-native form of the String.Format method, instead of explicit concatenation:
    vb.net Code:
    Dim cmdText As String = $"SELECT COUNT(strEmail) FROM university WHERE strEmail = '{strEmailValue}' AND hashed = '{hashedValue}'"
    Using string interpolation reduces noise and thus makes the code easier to read, so less error-prone.

    That said, you shouldn't be using string interpolation there either. You should ALWAYS use parameters to insert values into SQL code, e.g.
    vb.net Code:
    Dim cmdText As String = "SELECT COUNT(strEmail) FROM university WHERE strEmail = @strEmail AND hashed = @hashed"
    Dim cmd As New OleDbCommand(cmdText, connection)

    ' OleDb matches parameters by position, so add them in the order they appear in the SQL.
    With cmd.Parameters
        .Add("@strEmail", OleDbType.VarChar, 100).Value = strEmailValue
        .Add("@hashed", OleDbType.VarChar, 100).Value = hashedValue
    End With
    That addresses a number of potential issues, the most important of which is SQL injection. Doing it the way you were, a malicious user could potentially crash your app or delete everything in the database. To learn more, follow the Blog link in my signature below and check out my post on the subject.

    As for the rest of the issues you mention, they are something else entirely.
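
Added example (not part of the thread and not code from either poster): the concatenated query from the first post and the parameterized query from the reply, run side by side so the difference in behaviour is visible. It uses Python with an in-memory SQLite table as a stand-in for the VB.NET/OleDb/Access setup so it runs without a database file; the rows, hash placeholders and login inputs are constructed.

```python
import sqlite3

# Constructed sample data: table and column names follow the thread,
# the rows and the 64-character hash placeholders are made up.
ROWS = [("alice@example.edu", "a" * 64), ("o'brien@example.edu", "b" * 64)]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE university (strEmail TEXT, hashed TEXT)")
    conn.executemany("INSERT INTO university VALUES (?, ?)", ROWS)
    return conn

def authenticate_concat(conn, email, hashed):
    # Same shape as the first post: the values become part of the SQL text.
    sql = ("SELECT COUNT(strEmail) FROM university WHERE strEmail = '"
           + email + "' AND hashed = '" + hashed + "'")
    return conn.execute(sql).fetchone()[0] > 0

def authenticate_param(conn, email, hashed):
    # Same shape as the reply: the values are bound, never parsed as SQL.
    sql = ("SELECT COUNT(strEmail) FROM university "
           "WHERE strEmail = ? AND hashed = ?")
    return conn.execute(sql, (email, hashed)).fetchone()[0] > 0

def outcome(fn, conn, email, hashed):
    # True/False for a login decision, "error" if the statement is rejected.
    try:
        return fn(conn, email, hashed)
    except sqlite3.Error:
        return "error"

# Constructed inputs: a normal login, a legitimate address containing an
# apostrophe, and an address that closes the quote and adds its own condition.
CASES = [
    ("alice@example.edu", "a" * 64),
    ("o'brien@example.edu", "b" * 64),
    ("' OR '1'='1' --", "not-a-real-hash"),
]

def run_cases():
    conn = make_db()
    return [(outcome(authenticate_concat, conn, e, h),
             outcome(authenticate_param, conn, e, h)) for e, h in CASES]

if __name__ == "__main__":
    for (email, _), (concat, param) in zip(CASES, run_cases()):
        print(f"{email!r:28} concatenated={concat!s:6} parameterized={param}")
```

The concatenated version fails a registered user whose address contains an apostrophe and accepts the third input without any matching row, while the parameterized version gives the expected answer in all three cases.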

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    Jun 2014
    Posts
    464

    Re: Debugging pains - VS2017

    Thanks for that, jmcilhinney

    I am taking it that your VarChar, 100 is the maximum amount of characters allowed in my hashed column. Mine populates with 64 characters when the user registers.

    I will take a look at the link you mentioned in your Blog signature.

    Thanks again.
