0

BACKGROUND: I am writing an application in VB that ask for a user to login and enter in some data from product test.

PROBLEM: I have login form that talks to a sql database and makes sure the person is supplying the right username/password. The username gets passed to the main form. From here I want to be able to fill records from our main table that was added by the user that logged in. So the user can only interact with the records they have entered.

My issue is that I am fairly confident in VB, and I took a class in SQL but I have zero idea how to search this issue to figure out the proper way. I have looked a tableadapters.fill and .getdata but it doesn't seem to be the answer.

Login Form:

Imports System.Data
Imports System.Data.SqlClient

Public Class frmLogin
    Dim userName As String
    Dim extrainfo As String


     Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles                   btnLogin.Click
      If ConnectToSQL() Then

        Dim frm As New frmQuality(userName, extrainfo)
        Me.Hide()
        frm.Show()
        Me.Close()

    End If



     End Sub



Private Function ConnectToSQL() As Boolean

    Dim con As New SqlConnection
    Dim cmd As New SqlCommand
    Dim dbPassword As String
    Dim enteredPasswrd As String
    ' Dim userName As String

    Try



        con.ConnectionString = "Data Source "

        con.Open()

        cmd.Connection = con

        cmd.CommandText = " SELECT  UserName, Password, extrainfo  FROM  users WHERE   (UserName like '" & "%" & txtUsername.Text.ToLower() & "%" & "' )"



        Dim lrd As SqlDataReader = cmd.ExecuteReader()
        If lrd.HasRows Then
            While lrd.Read()

                'Do something here
                dbPassword = lrd("Password").ToString()
                userName = lrd("UserName").ToString()
                extrainfo = lrd("assigned_ei").ToString()


                enteredPasswrd = txtPassword.Text()

                If dbPassword.Trim() = enteredPasswrd And userName.TrimEnd(vbCrLf.ToCharArray).ToLower() = txtUsername.Text.ToLower() Then


                    Return True

                    'Clear all fields
                    txtPassword.Text = ""
                    txtUsername.Text = ""
                Else
                    MsgBox("Incorrect Password")
                End If

            End While

        Else
            MessageBox.Show("Username and Password do not match..", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
            'Clear all fields
            txtPassword.Text = ""
            txtUsername.Text = ""
        End If

        Return False

    Catch ex As Exception
        MessageBox.Show("Error while connecting to SQL Server." & ex.Message)

    Finally
        con.Close() 'Whether there is error or not. Close the connection.

    End Try

End Function

Private Sub frmLogin_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    txtUsername.Focus()

End Sub

 End Class

Main form

Pic:https://i.stack.imgur.com/tnJOv.png

Code

Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load

    Dim con As New SqlConnection
    Dim cmd As New SqlCommand

    Try


        con.ConnectionString = "Data Source = location"

        con.Open()

        cmd.Connection = con

        cmd.CommandText = " SELECT *  FROM  table WHERE adduser = '" & user & "'"

        Dim lrd As SqlDataReader = cmd.ExecuteReader()
        If lrd.HasRows Then
            While lrd.Read()

              ' i see that above can pull the info
              ' but how do I get it into the form?

            End While
        End If



    Catch ex As Exception
        MessageBox.Show("Error while connecting to SQL Server." & ex.Message)

    Finally
        con.Close() 'Whether there is error or not. Close the connection.

    End Try



End Sub

I have a database with the main table has 9 columns of information. One being called addUser which is the user that logs in and enters data. I need to have when they log in that it only displays their records. I do not want to directly attach to the textbox. As you can see from the form you can hit move around see from first to last record of the owner. I need to be able to browse the records. A person logs in and could 1 to 10 or more records. This application will let them move or create a new record. How do I do this?

R_bow93
  • 1
  • 1
  • You need to use a `SqlConnection`, `SqlCommand` and a `DataTable`. With these you can connect to the database using `SqlConnection`. Execute a SQL command with `SqlCommand` (make sure you use `SqlParameters`) and then fill a `DataTable`. You can then assign the `DataTable` to a view such as a `DataGridView`. Your `SELECT` statement would be something like `SELECT column1, column2 FROM table WHERE userId = @userId`. Change the columns to your columns and `table` to the name of your table. Something like [this](http://stackoverflow.com/a/41954987/6375113) may help. – Bugs Feb 01 '17 at 15:05
  • 1
    You can see from my comment that your question is pretty broad. There's a lot to consider so maybe look at what I've put together, have a go at it and then come back with a more specific issue :) – Bugs Feb 01 '17 at 15:07
  • ok thank you but i may need a little more pointing. I can create this but how do i get it into the form? on the form i have a a databinding to bring in the other information that is needed for the data entry. SO simply how do i get this "query" to become browsable on the form? – R_bow93 Feb 01 '17 at 15:30
  • @Jinx88909 It might be noteworthy that the OP claims to use MySql, so should be pointed to the MySql*, not the MS SQL Servers SqlConnection, et. – Filburt Feb 01 '17 at 15:34
  • @R_bow93 it's way to broad. We would need to see some code for us to have a better understanding of your problem. – Bugs Feb 01 '17 at 15:38
  • @Filburt good point, didn't see the tag. Same concept different object. – Bugs Feb 01 '17 at 15:39
  • @R_bow93 You're basically asking for the whole application to be written from the UI downwards. I think you need to read a tutorial rather than ask a question here. Googling might give you a start to find some: https://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#safe=active&q=VB.NET+MySQL+tutorial – ADyson Feb 01 '17 at 15:41
  • There are plenty of articles on MSDN and literally hundreds of posts here for this. 8 million Google hits for 'vb.net read database' and 324,000 SO posts. Please read [Ask] and take the [Tour] – Ňɏssa Pøngjǣrdenlarp Feb 01 '17 at 15:55
  • add the code and ui so you know i am not asking you guys to do this for me. i just need a little help. – R_bow93 Feb 01 '17 at 16:01
  • You are not going to get very far using the SQLServer DB provider objects with a MySQL DB. 58,000 posts here for `vb.net mysql database` – Ňɏssa Pøngjǣrdenlarp Feb 01 '17 at 16:12
  • @Plutonix MySql turned miraculously into SQL Server when code joined the party. – Filburt Feb 01 '17 at 16:17
  • Side note: Your Login is vulnerable to [Exploits Of A Mom](https://xkcd.com/327/). You allow users to enter anything into the Username TextBox and pass it unchecked to your database command. – Filburt Feb 01 '17 at 16:20
  • Your code shows that you have to basics somewhat working (security issues aside). If you need further pointers, you will need to add details about the *Main Table* you'd like to read from and how you would identify a record as belonging to a specific user. – Filburt Feb 01 '17 at 16:26
  • `I just have no idea where to look for this issue.` 89,000 hits on SO for 'vb.net sqlserver database' You also seriously need to read [ask] and take the [tour]. We provide answers - not hints - which requires you ask a question. – Ňɏssa Pøngjǣrdenlarp Feb 01 '17 at 16:30
  • @Plutonix I am not sure what more I can say. I have a database with the main table has 9 columns of information. One being called addUser which is the user that logs in and enters data. I need to have when they log in that it only displays their record(s). How do I do this? – R_bow93 Feb 01 '17 at 16:38
  • @Plutonix I have been looking into this issue since Monday morning. I have not been able to find anything that satisfies what I need to get the information to show. If you type anything in my question it will divert you to beginner stuff of how to make a table in SQL, or how to get info and dump with no filter. I am getting frustrated at this because there seems to be no answer or guidance. – R_bow93 Feb 01 '17 at 16:45
  • @R_bow93 I would use a `DataTable`...`Dim dt As New DataTable`....`dt.Load(cmd.ExecuteReader)`... Then look at using a `DataGridView` if you have multiple rows and `DataGridView.DataSource = dt`. Something like that. Also look at the link I gave (top comment) and look at using parameters. It's a must that you look at using parameters. Code becomes better, easier to read and more importantly, secure. As Plutonix has said, read [ask] and take the [tour]. There is loads of information on displaying data on a form. It just depends on _how_ you want it to work. – Bugs Feb 01 '17 at 17:36
  • Also, and I know this might seem something else that is difficult to find, look at hashing your passwords. This isn't something I've had to do personally but there is loads of info out there about how to do it. – Bugs Feb 01 '17 at 17:39

1 Answers1

0

I think you are asking how to read data from a DataReader into a form field, such as a textbox. If so, this is the general structure of a line which will read from one of the returned database fields ("FieldName1") into one of the form fields ("TextBox1"). You just need to know your field names, and the IDs of the controls in your form.

TextBox1.Text = lrd("FieldName1").ToString()
ADyson
  • 57,178
  • 14
  • 51
  • 63
  • I edited the question. I need to be able to browse the records. A person logs in and could 1 to 10 or more records. This application will let them move or create a new record. – R_bow93 Feb 01 '17 at 18:01
  • then instead of loading all the records at one time, you'd load the first record from the DB. When the user presses the "Next" button it would load the next record in the sequence from the DB, and change the values in all the form fields. The create a new record, you'd have to blank out all the fields, let them fill it in from empty, and then obviously in both cases you have to handle the saving, deleting etc as well, which will be a lot more code. – ADyson Feb 01 '17 at 19:30