Member Avatar for Ycefire

Hi there, I'm a beginner in ASP.NET with VB and I'm stuck on problem with a SQL query. I'd like to ask you for advice what does my page or config file miss.

thats how my form looks like

<form id="form1" runat="server">
    <div style="margin: 0 auto; width: 180px;">
        <asp:Label Width="100px" ID="lblJmeno" runat="server" Text="Jméno:"></asp:Label>
        <asp:Textbox ID="txtJmeno" runat="server"></asp:Textbox>
    <br />
        <asp:Label withd="100px" ID="lblHeslo" runat="server" Text="Heslo:"></asp:Label>
        <asp:TextBox ID="txtHeslo" runat="server" TextMode="Password"></asp:TextBox>
    <br />
        <asp:Button ID="cmdOdeslat" runat="server" Text="Přihlásit" onclick="LogIn"> </asp:Button>
    </div>
        <asp:Label ID="lblStatus" runat="server" Font-Bold="True" Font-Italic="True" Font-Size="Medium"></asp:Label>
    </form>

this is how my *aspx.vb file looks like

Partial Class _Default
    Inherits System.Web.UI.Page


    Public Sub LogIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdOdeslat.Click
        Dim connStr As String = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
        Dim sqlconnet As Data.SqlClient.SqlConnection
        Dim MyComm As Data.SqlClient.SqlCommand

        sqlconnet = New Data.SqlClient.SqlConnection()
        sqlconnet.ConnectionString = connStr
        MyComm = New Data.SqlClient.SqlCommand("", sqlconnet)

        MyComm.CommandType = Data.CommandType.Text
        MyComm.CommandText = "SELECT * FROM identifikace WHERE (identifikacni_kod =’" & txtJmeno.Text & "‘) AND (heslo = ‘" & txtHeslo.Text & "‘) "
        sqlconnet.Open()

        Dim result As Data.SqlClient.SqlDataReader = MyComm.ExecuteReader(Data.CommandBehavior.CloseConnection)


        If result.HasRows = False Then

            lblStatus.Text = "Heslo nebo jméno se neshoduje s údaji v databázi!"

        Else

            Session("jmeno") = txtJmeno.Text
            Response.Redirect("success.aspx")

        End If

        result.Close()

    End Sub
End Class

Should be working now, sorry for post, but I found syntax errors by reading source code here, not in my editor *FACEPALM*

Edited by Ycefire because: First step solved by syntax error
  • 3 Contributors
  • 3 Replies
  • 796 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by Ycefire
Member Avatar for kvprajapati

Put single quote.

MyComm.CommandText = "SELECT * FROM identifikace WHERE  identifikacni_kod ='" & txtJmeno.Text & "' AND heslo ='" & txtHeslo.Text & "')"
Edited by kvprajapati because: n/a
Member Avatar for V-i-r-u-s

Hi... I don't programming with vb.. but i thing it will be better to use parameters in sql command:
string identifikacni_kod = txtJmeno.Text
string heslo = txtHeslo.Text //( dont know what is in VB, i mean, do you use string or var )
MyComm.CommandText = "SELECT * FROM identifikace WHERE identifikacni_kod ='@identifikacni_kod' AND heslo ='@heslo'"
MyComm.Parameters.Add(New SqlCeParameter("@identifikacni_kod", identifikacni_kod))
MyComm.Parameters.Add(New SqlCeParameter("@haslo", haslo))

Member Avatar for Ycefire

Thanx Adatapost and also thank you V-i-r-u-s.
Problem is solved, so the source code presented in my first post is now fully working (when u replace ´ with ' at the line 15)

Edited by Ycefire because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.