
I'm writing a program that asks a user to input their username and password into my database on localhost that uses phpmyadmin. I tried following this tutorial on how to do it: https://www.youtube.com/watch?v=jZsTLlFoNuo and I can connect to the Database just fine, I think my problem is my SQL statement. Here is my code for the form:

    Imports MySql.Data.MySqlClient

    Public Class frmSignup
        Dim ServerString As String = "Server=localhost;User    Id=;Password=;Database=AccountInfo"
        Dim SQLConnection As MySqlConnection = New MySqlConnection

        Private Sub Form3_Load(sender As Object, e As EventArgs) Handles MyBase.Load
            SQLConnection.ConnectionString = ServerString

            Try
                If SQLConnection.State = ConnectionState.Closed Then
                    SQLConnection.Open()
                    MsgBox("Successfully connected to DB")
                Else
                    SQLConnection.Close()
                    MsgBox("Failed to connect to DB")
                End If
            Catch ex As Exception
                MsgBox(ex.ToString)
            End Try
        End Sub

        Public Sub SaveAccountInformation(ByRef SQLStatement As String)
            Dim cmd As MySqlCommand = New MySqlCommand

            With cmd
                .CommandText = SQLStatement
                .CommandType = CommandType.Text
                .Connection = SQLConnection
                .ExecuteNonQuery()
            End With
            SQLConnection.Close()
            MsgBox("Successfully Registered Account!")
            SQLConnection.Dispose()
        End Sub

        Private Sub btnSignup_Click(sender As Object, e As EventArgs) Handles btnSignup.Click
            If txtPasswd.Text = txtPasswd2.Text Then
                MessageBox.Show("Passwords Match!")
                Dim SQLStatement1 As String = "INSERT INTO `accountinfodb` (`Usernames`, `Passwords`) VALUES ('', '')"
            Else
                MessageBox.Show("Passwords Do Not Match!")
                txtPasswd.Text = Focus()
                txtPasswd.Clear()
                txtPasswd2.Text = Focus()
                txtPasswd2.Clear()
            End If
        End Sub
    End Class

My database is called "Account Information" with my table called "Accounts" which is where I wanted to store their username and password.

So my overall question is, how do I store my information (Username & Password) into phpmyadmin? I've tried looking on Google, but to no avail have I found anything. If anyone could help me succeed that would be awesome, thank you!

EDIT 1

So now I have an error in my SQL Syntax, so I'm about 99% sure it's my SQL Statement in my code that is incorrect when storing the username and password.

       Dim SQLStatement1 As String = "INSERT INTO accountinfo(accountinfodb) (`Usernames`, `Passwords`) VALUES ('" & txtPasswd.Text & txtUsername.Text & "')"

Gives me the error:

An unhandled exception of type 'MySql.Data.MySqlClient.MySqlException' occurred in MySql.Data.dll

Additional information: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Usernames, Passwords) VALUES ('123123')' at line 1

When I type 123 for the username, and 123 for the password.

Isaac Bennetch
Jcrow
  • Don't store passwords as plaintext. Hash them. I am not sure this has anything to do with phpadmin since it appears you are just trying to save them to a MySql database. Otherwise, there should be an error message. It doesn't look like you ever call `SaveAccountInformation` and you don't need a global connection open the whole time – Ňɏssa Pøngjǣrdenlarp Jan 16 '16 at 19:42
  • @Plutonix I was going to store them as a salted MD5 hash, I just want to store the username and passwd into my DB to make sure that it actually works. I'm using phpmyadmin as my GUI for my MySQL database, have I perhaps setup the database incorrectly? My database setup can be seen here: http://imgur.com/4bowwG6 When I run my program, I enter the username and password, I then go to phpmyadmin, but can't see what I've entered anywhere whatsoever, I think there could possibly be something wrong with my SQL Statement? – Jcrow Jan 16 '16 at 19:46
  • MD5 is suboptimal especially since using SHA or PBKDF2 are just as easy to use. See [Is it safe for me to store usernames and passwords in the database?](http://stackoverflow.com/q/31146658/1070452) – Ňɏssa Pøngjǣrdenlarp Jan 16 '16 at 19:48
  • @Plutonix, Ok thanks, I'm just more worried on actually getting the information INTO the database rather than what encryption I'll use for my password(I want to worry about that later), do you have any idea on why my user input may not be storing into my database? – Jcrow Jan 16 '16 at 19:51
  • As I said... *It doesn't look like you ever call `SaveAccountInformation`* – Ňɏssa Pøngjǣrdenlarp Jan 16 '16 at 19:52
  • @Plutonix yes you're correct, I forgot a line to call the sub, I added Saveaccountfino(SQLStatement1) now this time I get an error, about my table not existing, even though I'm looking at it right now, so I think NOW it's probably my SQL statement that is incorrect – Jcrow Jan 16 '16 at 20:03
  • @Plutonix I can add usernames to the Database now! But, not the passwords unfortunately, I tried adding a different SQL Statement for just the passwords, exactly the same as my username one, and calling the sub again doing SaveAccountInformation(SQLStatement2) but then I get an error that the connection must be valid or open! – Jcrow Jan 16 '16 at 20:28

1 Answer

    Dim SQLStatement1 As String = "INSERT INTO accountinfodb (Passwords, Usernames) VALUES ('" & txtPasswd.Text & "', '" & txtUsername.Text & "')"

But if you want more security (SQL injection attack):

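    Dim ServerString As String = "Server=localhost;User Id=;Password=;Database=AccountInfo"
    ' Table name as in the question's first INSERT; the database is selected by the connection string
    Dim query As String = "INSERT INTO accountinfodb (Passwords, Usernames) VALUES (@txtPasswd, @txtUsername)"
    ' MySqlCommand needs an open MySqlConnection, not the connection string itself
    Using conn As New MySqlConnection(ServerString)
        conn.Open()
        Using cmd As New MySqlCommand(query, conn)
            cmd.CommandType = CommandType.Text
            ' Values are bound as parameters and never concatenated into the SQL text
            cmd.Parameters.Add("@txtPasswd", MySqlDbType.VarChar, 255).Value = txtPasswd.Text
            cmd.Parameters.Add("@txtUsername", MySqlDbType.VarChar, 255).Value = txtUsername.Text
            cmd.ExecuteNonQuery()
        End Using
    End Using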
Mysta