Hiya guys, I am wondering whether anyone can help me, I have been stuck on this for weeks. I have got a similar thing working but I just cannot get this working. I have got a SQL Server Database integrated into my VB application. There is a table called 2HaulierLogIn that has got the following columns:
- Primary Key: ID
- Foreign Key: Haulier ID
- Username
- Password

The Haulier ID can either be 1 (JKP) or 2 (Clarke) I want to query the table to check the username and password then if Haulier ID = 1 go to Page A or if Haulier ID = 2 go to Page B. This is the code I have got so far; the connection works, but it skips sraight to the error part "Invalid Log In". Could someone please please help me?


            If combohaulier.SelectedItem = "John K Philips" Then
                haulier = 1
                haulier = 2
            End If

            TextBox1.Text = haulier

            Dim objconnection1 As SqlConnection = New SqlConnection("Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\Users\Cara\Documents\Visual Studio 2012\Projects\Online Portal Solutions\Online Portal Solutions\Online Portal Solutions Database.mdf;Integrated Security=True")

            Dim SelectStmt1 As String = "SELECT HaulierID, Username, Password FROM [2HaulierLogIn] WHERE HaulierID='" & TextBox1.Text & "' AND Username='" & txt_cusername.Text & "' COLLATE SQL_Latin1_General_CP1_CS_AS AND Password='" & txt_cpassword.Text & "' COLLATE SQL_Latin1_General_CP1_CS_AS ;"
            Dim objcommand1 As SqlCommand = New SqlCommand(SelectStmt1, objconnection1)
            Dim reader1 As SqlDataReader = objcommand1.ExecuteReader

            If reader1.Read Then
                If TextBox1.Text <> reader1("HaulierID").ToString And txt_hpassword.Text <> reader1("Password").ToString And txt_husername.Text <> reader1("Username").ToString Then
                End If

                'ElseIf reader1.Read Then
                'If haulier = "2" And txt_hpassword.Text <> reader1("Password").ToString And txt_husername.Text <> reader1("Username").ToString Then
                'End If

                Static count1 As Integer = 0
                Dim prompt1 As DialogResult = MessageBox.Show("Invaild Username or Password.", "Login Error",
                                                             MessageBoxButtons.RetryCancel, MessageBoxIcon.Warning)
                Select Case prompt1
                    Case Windows.Forms.DialogResult.Retry
                        txt_husername.Text = ""
                        txt_hpassword.Text = ""
                        count1 += 1
                        If count1 = 3 Then
                            MessageBox.Show("High value of failed login attempts." & vbCrLf & "Application will be terminated for security reasons.", "Error",
                                            MessageBoxButtons.OK, MessageBoxIcon.Stop)
                        End If
                    Case Windows.Forms.DialogResult.Cancel
                End Select
            End If
        Catch ex As Exception

        End Try

In line 19, use "String.Compare" instead of "<>". This seems unnecessary however, because you already passed all of the information in your SQL query and if it returns any rows, then the information is correct. You could just do a Select Count(*) FROM ...., if the result == 1 then the login information is correct. If the result== 0 then the login information was incorrect.

This article has been dead for over six months. Start a new discussion instead.