| Author |
 Topic Search  Topic Options
|
IrishNewbie 
Newbie
Joined: 06 November 2003
Status: Offline
Points: 38
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: DB query
Posted: 16 November 2003 at 11:51am |
When i use the line
aQuery = "Select StudentID From Students Where (StudentID = '"& strUsername &"')"
what exactly happens if it finds the ID in the table?? How would i access the password assoc with this ID when im doin the following login authentication.
Sub Submit_OnClick(sender as Object, e as EventArgs)
If StudentLogin (txtUserName.Text, txtPassword.Text) Then
FormsAuthentication.RedirectFromLoginPage (txtUserName.Text, False)
Else
' Invalid credentials supplied, display message
lblMessage.Text = "Invalid login credentials"
End If
End Sub
Function StudentLogin (ByVal strUsername As String, _
ByVal strPassword As String) As Boolean
' Open DB
Dim aConnection As OleDbConnection = New OleDbConnection
Dim aConnectionString As String
Dim aQuery As String
aConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=C:\DB\records.mdb"
aConnection.ConnectionString = aConnectionString
Dim aCommand As OleDbCommand = New OleDbCommand
aConnection.Open()
aQuery = "Select StudentID From Students Where (StudentID = '"& strUsername &"')"
aCommand.Connection = aConnection
aCommand = New OleDbCommand(aQuery, aConnection)
aCommand.ExecuteNonQuery()
' Return True if UserID found else False
End Function
I'm confused as to where the ID is stored from the select statement if found in the table.
|
 |
MorningZ
Senior Member
Joined: 06 May 2002
Location: United States
Status: Offline
Points: 1793
|
Post Options
Thanks(0)
Quote Reply
Posted: 17 November 2003 at 6:26am |
First off... your query looks like you are trying to find a numeric ID, and you are feeding it "strUsername", which looks like a string that holds the person's username, not their numeric identification number
so you'll have to start by double checking and fixing that.....
then if that is the case and you are looking for a number in the SQL query, then you do not use single tic's around the right hand side of the equation (which says "against this string")
|
|
Contribute to the working anarchy we fondly call the Internet
|
|
IrishNewbie
Newbie
Joined: 06 November 2003
Status: Offline
Points: 38
|
Post Options
Thanks(0)
Quote Reply
Posted: 17 November 2003 at 8:01am |
morningZ,
Yea thats true, Im looking for a numeric ID in the table, I've changed this to suit but Im unsure of how to write the validation against the DB to check whether its valid or not. I'm attempting to do this in the following segment, could you give me your opinion on it?
Public Function Login(intID As Integer, strPassword As String)
Dim aConnection As New OleDbConnection, aCommand As New OleDbCommand, DbReader As OleDbDataReader, LoginSucces As Boolean
Dim aConnectionString As String
'The connection string
aConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=C:\DB\records.mdb"
aConnection.ConnectionString = aConnectionString
'Open the connection
aConnection.Open()
'Initialize the database command
aCommand.CommandText = "SELECT Pword FROM Students WHERE StudentID = " & intID & ""
Try
DbReader = aCommand.ExecuteReader()
While DbReader.Read
LoginSucces = True
End While
DbReader.Close
Catch
LoginSucces = False
End Try
aConnection.Close()
End Function
|
|
MorningZ
Senior Member
Joined: 06 May 2002
Location: United States
Status: Offline
Points: 1793
|
Post Options
Thanks(0)
Quote Reply
Posted: 17 November 2003 at 8:15am |
well yeah..
you pass in "strPassword" into the function, but no where in the code do you check against that....
man, i hate to say it, you have a far uphill climb in programming whatever it is you are programming if you are getting tripped up on this stuff
|
|
Contribute to the working anarchy we fondly call the Internet
|
|
IrishNewbie
Newbie
Joined: 06 November 2003
Status: Offline
Points: 38
|
Post Options
Thanks(0)
Quote Reply
Posted: 17 November 2003 at 8:34am |
Can i say something like,
If (strPassword = aCommand.CommandText)
LoginSucess=True
?????
Ive tried it but I dont think i should be using aCommand.CommandText. I just dont know how to use the Pword once i select if from the DB, i dont know where it gets stored
|
|
MorningZ
Senior Member
Joined: 06 May 2002
Location: United States
Status: Offline
Points: 1793
|
Post Options
Thanks(0)
Quote Reply
Posted: 17 November 2003 at 8:39am |
 IrishNewbie wrote:
I just dont know how to use the Pword once i select if from the DB, i dont know where it gets stored
|
you arent even selecting it from the database!!!! so "where it gets stored" is the least of your problems
|
|
Contribute to the working anarchy we fondly call the Internet
|
|
IrishNewbie
Newbie
Joined: 06 November 2003
Status: Offline
Points: 38
|
Post Options
Thanks(0)
Quote Reply
Posted: 17 November 2003 at 8:41am |
|
Man theres no need to be a prick about everything. This is meant as a discussion board where people can talk about ASP.net and problems they are having, just because every member isnt a natural born genius like you are doesnt give you the right to act like you do.
|
|
MorningZ
Senior Member
Joined: 06 May 2002
Location: United States
Status: Offline
Points: 1793
|
Post Options
Thanks(0)
Quote Reply
Posted: 17 November 2003 at 9:16am |
i dont think i am a "genious" nor everyone else should be...
but this stuff is basic basic basic stuff... stuff that has absolutely zero to do with .NET code, it all has to do with common sense
you are looking to compare a user entered value to a value in the database and your code doesn't even try to do it.... no where in any of all the code you posted do you ask the database: "is the value entered the same as the value in the database"
you need to start off way more simple than you are, because you are waaaaaay over your head.... people on message boards and etc can help you to a point, but you HAVE to know the basics yourself first
|
|
Contribute to the working anarchy we fondly call the Internet
|
|
