1

Hello :) I'm a newbie in VB.NET and I'm trying to create a 'create account' form. However like what I put in the codes, whenever I try to debug, it keeps saying Failed to connect to database? Can somebody tell me what's wrong thank you 

Public Class Form2

        Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
            ' Check if username or password is empty
            If TextBox1.Text = "" Or TextBox2.Text = "" Then
                MessageBox.Show("Please complete the required fields.", "Authentication Error!", MessageBoxButtons.OK, MessageBoxIcon.Error)
            Else
                ' Both fields was supply
                ' Check if user exist in database
                ' Connect to DB
                Dim conn As New System.Data.OleDb.OleDbConnection()
                conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Thesis\Thesis\Database2.accdb"

                Try
                    'conn.Open()
                    'MsgBox("Susscess")

                    Dim sql As String = "INSERT * INTO tbl_user WHERE username='" & TextBox1.Text & "' AND password = '" & TextBox2.Text & "'"
                    Dim sqlCom As New System.Data.OleDb.OleDbCommand(sql)

                    'Open Database Connection
                    sqlCom.Connection = conn
                    conn.Open()

                    Dim sqlRead As System.Data.OleDb.OleDbDataReader = sqlCom.ExecuteReader()

                    If sqlRead.Read() Then
                        Form3.Show()
                        Me.Hide()
                    End If

                Catch ex As Exception
                    MessageBox.Show("Failed to connect to Database..", "Database Connection Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
                End Try

            End If

        End Sub

        Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
            Me.Hide()
            Form1.Show()
        End Sub

        Private Sub Form2_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

        End Sub

        Private Sub TextBox1_TextChanged(sender As System.Object, e As System.EventArgs) Handles TextBox1.TextChanged

        End Sub


    End Class
Phonseal
  • 31
  • 6
  • 2
    You need to share the original error message. Place a breakpoint inside catch, or remove the try catch. – Bjørn-Roger Kringsjå Dec 20 '14 at 10:22
  • Are you sure that the file exists in the path used? – Steve Dec 20 '14 at 10:22
  • 1
    As @Bjørn-RogerKringsjå said, there is no point in writing a generic error message in a catch block. If you really want to keep it at least use the ex.Message property in your output message – Steve Dec 20 '14 at 10:24
  • If I were to guess : You're probably receiving a `Syntax error in INSERT INTO statement` because `password` is a [reserved word](http://support2.microsoft.com/kb/321266). So by enclosing it in square brackets `[password]` would solve this issue. – Bjørn-Roger Kringsjå Dec 20 '14 at 10:45
  • @Bjørn-Roger Kringsjå I placed a breakpoint inside catch as you said and "OleDbException caught Syntax error in INSERT INTO statement." – Phonseal Dec 20 '14 at 10:46
  • @Bjørn-Roger Kringsjå I put the square brackets but i still get the error :/ – Phonseal Dec 20 '14 at 10:49
  • 1
    Your query is incorrect. Please look at @Steve's answer. – Bjørn-Roger Kringsjå Dec 20 '14 at 10:55

1 Answers1

0

You have effectivelly hidden the error message. If you want to know exactly what's going on, you need to change that catch block and print out the error message from the Exception object.
Something like this 

Catch ex as Exception
    MessageBox.Show("Error:" & ex.Message)
End Try

Said that, there are at least four problems in your code.

First: You should never use string concatenation to create sql commands. Albeit Access is a bit more complex to exploit, the problem of Sql Injection should be avoided. Using parameters also helps a lot to remove possible syntax errors caused by the presence of single quotes inside the string values.

Second: PASSWORD is a reserved word in Access and cannot be used without enclosing it in square brackets (If it is possible, to avoid future errors, change that column name)

Third: You forget to close the connection. This is a subtle problem because you don't notice it immediately. Instead you slowly start to consume system resources until, in erratic point of your program, you receive error messages when you try to open another connection. Applying the Using statement around your data access code block you will be sure that, whatever happen inside that block, the connection will be closed when you exit the End Using statement. And this is true also in case of exceptions raised by syntax errors or other problems.

Fourth The syntax used for the INSERT INTO is wrong. See this for INSERT INTO syntax, basically you need to list the columns that will receive the values and then put the VALUES corresponding to the columns (using the parameters placeholders). The WHERE clause is meaningless in an INSERT (no previous record to find for read or update)

Try    
    Using conn = New System.Data.OleDb.OleDbConnection()
        conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;" & _
                                "Data Source=C:\Thesis\Thesis\Database2.accdb"


        Dim sql As String = "INSERT INTO tbl_user (username, [password]) " & _
                            "VALUES (@uname, @pwd)"
        Dim sqlCom As New System.Data.OleDb.OleDbCommand(sql, conn)
        sqlCom.Parameters.AddWithValue("@uname", TextBox1.Text)
        sqlCom.Parameters.AddWithValue("@pwd", TextBox2.Text)
        conn.Open()
        ....
    End Using
Catch ex as Exception
    MessageBox.Show("Error:" & ex.Message)
End Try

Finally, it is considered a very bad practice from a security standpoint to store passwords in clear text. A simply look at your table and you (or someone else) could know the passwords of all users. You should learn how to store and retrieve a password hash

Community
  • 1
  • 1
Steve
  • 213,761
  • 22
  • 232
  • 286
  • Sorry for the bother but can you tell me how to continue off of .... and how to know when to close the connection? I can only go far when I watch tutorials on youtube and such and am so confuse. :/ – Phonseal Dec 20 '14 at 11:10
  • As a rule of thumb, what you open in a block of code, you should close in the same code block. That's the beauty of the Using statement. – Steve Dec 20 '14 at 11:13
  • 1
    Thank you so much for the great answers :) I figured it out already ^^ – Phonseal Dec 20 '14 at 11:23