problem in login form

HI I am using below mentioned code for a login form. I want to create a login form in which user would pass the uid and pw and if both values matches with the table then it should open frmmenu.vb pls help
Try

cn = New OleDb.OleDbConnection("provider=SQLOLEDB; Data Source=USER\SQLEXPRESS;Initial Catalog=IMS;User ID=test; password=test")
cn.Open()
cmd.Connection = cn
tlogin_id = UsernameTextBox.Text
tpswd = PasswordTextBox.Text
cmd.CommandText = "select * from login where login_name='" & tlogin_id & "' and pwd='" & tpswd & "'"
MsgBox(cmd.CommandText)
dr = cmd.ExecuteReader()

If tlogin_id = UsernameTextBox.Text Then
If tpswd = PasswordTextBox.Text Then
frmMenu.ShowDialog()
Else
MessageBox.Show(" Password is incorrect")

End If
Else
MessageBox.Show(" Uid is incorrect")

End If
cn.Close()

Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub

End Class

Re: problem in login form

try this:

vb Code:

Try
 
    Dim cn As New OleDb.OleDbConnection("provider=SQLOLEDB; Data Source=USER\SQLEXPRESS;Initial Catalog=IMS;User ID=test; password=test")
    cn.Open()
    Dim cmd As New OleDbCommand
    cmd.Connection = cn
    tlogin_id = UsernameTextBox.Text
    tpswd = PasswordTextBox.Text
    cmd.CommandText = "select * from login where login_name='" & tlogin_id & "' and pwd='" & tpswd & "'"
    MsgBox(cmd.CommandText)
    Dim dr As OleDb.OleDbDataReader
    dr = cmd.ExecuteReader()
 
    If dr.GetValue(columnIndex) = UsernameTextBox.Text Then 'insert columnIndex
        If dr.GetValue(columnIndex) = PasswordTextBox.Text Then
            frmMenu.ShowDialog()
        Else
            MessageBox.Show(" Password is incorrect")
        End If
    Else
        MessageBox.Show(" Uid is incorrect")
    End If
    cn.Close()
 
Catch ex As Exception
    MsgBox(ex.Message)
End Try

Re: problem in login form

Just a couple of notes on security...

Firstly you should really be using parameters rather than string concatenation to build your queries (to prevent SQL injection)

Secondly when validating a username and password combination, you should never let the user know whether a failed login has failed because there is a correct username but incorrect password, or because the username is not found. Doing this just gives any potential hacker lots of useful info such as confirming that the user id actually exists.