 |  |  |  |  |  |  |  |
Got stuck on creating a login and password form. Epic If statement needed
Please support our VB.NET advertiser: Intel Parallel Studio Home
Thread Solved |
I wanted to create a form where a user can create an account, have it loaded in SQL, and be able to retrieve the information and validate it. I've reached a mental block on the validation code and need some advice. Here is my code so far:
Do i need some sort of Epic if statement to validate what the user inputted into the text boxes or am i on the wrong path?
Thanks
VB.NET Syntax (Toggle Plain Text)
Do i need some sort of Epic if statement to validate what the user inputted into the text boxes or am i on the wrong path?
Thanks
•
•
•
•
Do i need some sort of Epic if statement to validate what the user inputted into the text boxes
•
•
•
•
am i on the wrong path
I don't know what type of DBAuser is. But the SQL syntax
"SELECT login,password FROM login WHERE userName = '" & txtUsername2.Text & "' AND password = '" & txtPassword2.Text & "'" is correct. After you execute that SQL statement, just check that a one and only one record is returned. If you get nil records, either user name or/and the password is incorrect.When you create a new account (INSERT statement), you should first check that the user name and the password combination does not exist already.
I would make a separate boolean function for that
VB.NET Syntax (Toggle Plain Text)
Teme64 @ Windows Developer Blog
add also in your login checking about sql injection or else it will be easily to hack...
A conclusion is the place where you got tired of thinking. http://www.martin2k.co.uk/forums/index.php?showforum=4
http://www.a1vbcode.com/a1vbcode/vbforums/Forum3-1.aspx
http://www.developerfusion.co.uk/for...orum&ForumID=4
Jireh is right about SQL injection. I didn't mention it because it's rarely an issue with Windows apps. If you're going to use the code with ASP.NET, there's a really bad security hole. And you'll be hacked sooner or later.
You do some replaces in your SQL INSERT statement. A few characters that you shouldn't allow in user name and password are ";", "-" and "'". To be more precise, the correct way to do it in a "safe way", is to define a set of allowed characters (a-z, 0-9 and a few other printable characters). If the user tries to create an account with an user name and/or a password containing any character that is not an allowed character, it should be rejected.
You do some replaces in your SQL INSERT statement. A few characters that you shouldn't allow in user name and password are ";", "-" and "'". To be more precise, the correct way to do it in a "safe way", is to define a set of allowed characters (a-z, 0-9 and a few other printable characters). If the user tries to create an account with an user name and/or a password containing any character that is not an allowed character, it should be rejected.
Teme64 @ Windows Developer Blog
DBAUser is my database adapter. As for the security and sql injection, this is just a personal project im doing for fun. I guess it would be useful later on so ill do some research on that. As for the password validation im still stuck on that part because I dont have much practice with Database adapters.
Okay i figured out the actual code if anybody's interested:
DBAuser.SelectCommand.CommandText = "SELECT COUNT(login) FROM login WHERE userName = '" & txtUsername2.Text & "' AND password = '" & txtPassword2.Text & "'"
DBAuser.Fill(DSLogin) 'fill dataset
If DSLogin.Tables(0).Rows(0).Item(0) > 0 Then '
'User entered proper login
DBAuser.SelectCommand.CommandText = "SELECT COUNT(login) FROM login WHERE userName = '" & txtUsername2.Text & "' AND password = '" & txtPassword2.Text & "'"
DBAuser.Fill(DSLogin) 'fill dataset
If DSLogin.Tables(0).Rows(0).Item(0) > 0 Then '
'User entered proper login
 |
Similar Threads
- How to create one login page in ASP.NET using C# (C#)
- login php form (PHP)
- Creating a Login Text file (VB.NET)
- PHP login/password script (PHP)
- login verification form (VB.NET)
- Creating login screens in VB6 (Visual Basic 4 / 5 / 6)
- Case Sensative (login/password) (Visual Basic 4 / 5 / 6)
- code for login and password..using vb6 (Visual Basic 4 / 5 / 6)
Other Threads in the VB.NET Forum
- Previous Thread: ConfigurationManager for Class Library Config
- Next Thread: I need help on a browser
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest VB.NET Posts
- Today's Posts
- Unanswered Threads
"crystal .net .net2005 30minutes 2008 access add application arithmetic array assignment basic binary bing box button buttons click code combo combobox component connectionstring convert cpu data database databasesearch datagrid datagridview design dissertation dissertations dissertationthesis dosconsolevb.net editvb.net employees excel exists file-dialog firewall folder hardcopy image images isnumericfuntioncall login math memory mobile module ms mssqlbackend mysql navigate net networking opacity output peertopeervideostreaming picturebox1 port printpreview problemwithinstallation project record regex reports" reuse right-to-left save savedialog search serial sqldatbase storedprocedure string temp text textbox timer toolbox txttoxmlconverter updown useraccounts usercontrol vb vb.net vb.netcode vb.nettoolboxvisualbasic2008sidebar vbnet view vista visual visualbasic visualbasic.net visualstudio web wpf xml
