|
-
May 8th, 2008, 03:04 AM
#1
Thread Starter
Lively Member
[2005] - SQL Login Form
Hi All,
I have a login form connecting to a SQL Database but when the OnClick event fires, nothing occurs. I now that it is sorta working because if the user name / password fields are left blank, an error message is displayed
Code:
Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
If UsernameTextBox.TextLength > 1 And UsernameTextBox.TextLength > 1 Then
Try
Dim connStr As String = ConfigurationManager.ConnectionStrings("CRM.NET.My.MySettings.CRMConnectionString").ConnectionString
Dim SQL As String = "SELECT UserID, Password FROM tblUsers WHERE UserID = '" & UsernameTextBox.Text & "' AND Password = '" & PasswordTextBox.Text & "'"
Dim myCommand As New SqlCommand(SQL, New SqlConnection(connStr))
myCommand.Connection.Open()
Dim dr As SqlDataReader
dr = myCommand.ExecuteReader()
If Not dr.Read() Then
MessageBox.Show("Login Failed")
Else
Dim Form1 As New Form1
Form1.Show()
End If
Catch ex As Exception
End Try
Else
MessageBox.Show("Username and Password Must Be Entered")
End If
End Sub
-
May 8th, 2008, 04:58 AM
#2
Fanatic Member
Re: [2005] - SQL Login Form
output the error message in the catch block. It will help you debug your program better
-
May 8th, 2008, 05:06 AM
#3
Thread Starter
Lively Member
Re: [2005] - SQL Login Form
omg... How did I miss that. Will put that in and see what error message is returned...
-
May 8th, 2008, 05:08 AM
#4
Re: [2005] - SQL Login Form
As talkro says. You should always put this code in your Catch blocks:
vb.net Code:
Debug.WriteLine(ex.ToString())
That will write the error message and stack trace to the Output window when you're debugging but it will not affect the performance of a Release version.
That said, it's not a bad idea to have a standard mechanism to log unexpected exceptions in deployed apps so you can easily diagnose issues in applications installed on client systems.
-
May 8th, 2008, 06:46 AM
#5
Thread Starter
Lively Member
Re: [2005] - SQL Login Form
Thanks for the hint. The error message returned column name "Password" missing which has now been fixed and the code is now working as expected. On a side note, it it possible to close the login form once the main form has been called.
I have called "LoginForm.Close" within the MainForm_Load Sub but that closes all the forms. I them tried "LoginForm.Hide", but when closing the application by the close button during debugging, the program is still running.
-
May 8th, 2008, 07:05 AM
#6
Fanatic Member
Re: [2005] - SQL Login Form
using the form.hide trick, you have to make sure that in the the form closing event of the main form, you close the login form has well.
-
May 8th, 2008, 07:09 AM
#7
Frenzied Member
Re: [2005] - SQL Login Form
A tip of advice, you might want to look up Paramaterization for your sql statement, if you value security.
-
May 8th, 2008, 08:17 AM
#8
Re: [2005] - SQL Login Form
If you are connecting to an SQL Server then you should really be taking advantage of Stored Procedures. They offer maximum security because none of your login validation code is exposed, even to a decompile. Then it is simply a matter of sending the login parameters and receiving either a success or a fail response.
Also for security as well as optimization reasons, the login authentication should be called before the main application is even run. In C#, this involves modifying the code in Program.cs. I'm not sure where to insert it in VB.
-
May 8th, 2008, 08:41 AM
#9
Re: [2005] - SQL Login Form
Follow the WinForms Login link in my signature.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|