0

Hi! I tried creating a log-in screen that is connected to a database from the examples I've seen on the net.
The thing is, I wanted to put a function where the user can only log in if the account is not yet expired.
for that, I've put a datefield in the db, but don't know how to put the function in the log-in screen.
How do I check if the Expiration date is not today?

Dim login As String
        login = "Select * from usernames where Username = '" & TextBox2.Text & "' and [Password] = '" & TextBox1.Text & "' "
        executesql(login)

I hope anyone can take their time to answer my problem >.< thank you in advance to those people.

3
Contributors
6
Replies
26
Views
3 Years
Discussion Span
Last Post by Ashenvale
Featured Replies
  • You should be using [parameterized queries](http://www.daniweb.com/software-development/vbnet/code/445801/avoiding-sql-injection-attacks). But to answer your question, try login = "SELECT * from usernames " _ & " WHERE Username = '" & TextBox2.Text & "' " _ & " AND [Password] = '" & TextBox1.Text & "' " _ & " AND GETDATE() < ExpireDate" … Read More

  • 1

    Assuming the time part of your date is consistent (such as midnight), it's a simple check against getdate(): "select * from usernames where [Username] = '" & TextBox2.Text & "' and [Password] = '" & TextBox1.Text & "' and [ExpiresOn] >= getdate()" You might also consider using parameterized queries instead … Read More

1

You should be using parameterized queries. But to answer your question, try

login = "SELECT * from usernames " _
      & " WHERE Username   = '" & TextBox2.Text & "' " _
      & "   AND [Password] = '" & TextBox1.Text & "' " _
      & "   AND GETDATE()  < ExpireDate"

or use "<=" if the user can still log in on the ExpireDate.

1

Assuming the time part of your date is consistent (such as midnight), it's a simple check against getdate():

"select * from usernames where [Username] = '" & TextBox2.Text & "' and [Password] = '" & TextBox1.Text & "' and [ExpiresOn] >= getdate()"

You might also consider using parameterized queries instead of string concatenation for security reasons (and to make the query easier to read).

Edited by deceptikon

0

:) thanks for the reply!.

btw @Reverend Jim

this line here is from the link you've given me

 Dim cmd As New SqlCommand("", con)

I get this error that says:'con' is not declared. It may be inaccessible due to its protection level.

0

oh wait :D I missed this 1 line haha

Dim con As New OleDbConnection("Provider=SQLNCLI10;Server=.\SQLEXPRESS;Database=PUBS;Trusted_Connection=Yes;Connect Timeout=15;")
0

The line above that is

Dim con As New SqlConnection("Server=.\SQLEXPRESS;Database=PUBS;Trusted_Connection=yes;")

Do you understand the example or would you like me to add a little more detail to the explanation?

Edited by Reverend Jim

0

nope! its up and running XD thank u so much!!! It's just that the first time I saw the codes, my browser did not load the site properly and there were missing text XD thanks a lot! Such a great tutorial.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.