-1

I'm currently working on a MySQL connection in my VB.net app. I have a form which has the following code:

Imports System.Data
Imports System.Data.SqlClient

Public Class Form4
    Private Sub Form4_Load(sender As Object, e As EventArgs) Handles MyBase.Load

End Sub

Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
    ConnectToSQL()
End Sub

Private Sub ConnectToSQL()
    Dim con As New SqlConnection
    Dim cmd As New SqlCommand
    Dim Password As String
    Dim Password2 As String
    Dim userName As String

    Try
        If con.ConnectionString = "Network Library=DBMSSOCN;""Data Source=myserver,1433;""Initial Catalog=users;""User ID=myuser;password=mypass;" Then
            con.Open()

            cmd.Connection = con
            cmd.CommandText = "SELECT user_username, user_pass FROM users WHERE (user_username = '" & txtUsername.Text & "' ) AND (user_pass = '" & txtPassword.Text & "')"

            Dim lrd As SqlDataReader = cmd.ExecuteReader()
            If lrd.HasRows Then
                While lrd.Read()

                    Password = lrd("Password").ToString()
                    userName = lrd("UserName").ToString()

                    Password2 = txtPassword.Text()

                    If Password = Password2 And userName = txtUsername.Text Then

                        MessageBox.Show("Logged in successfully as " & userName, "", MessageBoxButtons.OK, MessageBoxIcon.Information
                                        )
                        Form2.Show()
                        Me.Hide()

                        txtPassword.Text = ""
                        txtUsername.Text = ""

                    End If

                End While

            Else
                MessageBox.Show("Username or Password incorrect...", "Authentication Failed", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
                txtPassword.Text = ""
                txtUsername.Text = ""
            End If

        End If

    Catch ex As Exception
        MessageBox.Show("Error while connecting to SQL Server." & ex.Message)

    Finally
        con.Close()
    End Try
End Sub

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    Me.Close()
End Sub
End Class

Everytime I run the application, I enter the login details correctly and click on the sign in button (Button2). The problem is, it doesn't do anything. It doesn't throw an exception, doesn't even try to login to the server as far as I can tell. I replaced the login details with that of my own server, so that's not the problem. Did I miss something?

oetoni
  • 3,269
  • 5
  • 20
  • 35
Jay Lee
  • 1
  • 1

1 Answers1

0

Don't store passwords in clear-text!
Furthermore your code is prone to sql incjection.

Nothing happens because this If will never be true:

...
If con.ConnectionString = "Network Library=DBMSSOCN;""Data Source=myserver,1433;""Initial Catalog=users;""User ID=myuser;password=mypass;" Then
...
MatSnow
  • 7,357
  • 3
  • 19
  • 31
  • I see... I've removed the `If` statement but now I'm getting the error: "Error while connecting to SQL Server.Keyword not supported: 'data source'". – Jay Lee Nov 16 '17 at 10:21
  • The connectionstring seems to be a total mess. For mysql it should be something like `Server=myServerAddress;Database=myDataBase;Uid=myUsername;Pwd=myPassword;`. Also the doubled double qoutes are not needed/wrong - have a look at [this site](https://www.connectionstrings.com/mysql/) – MatSnow Nov 16 '17 at 10:36
  • Getting a weird exception now... "Exception thrown: 'System.Data.SqlClient.SqlException' in System.Data.dll" – Jay Lee Nov 16 '17 at 10:40
  • You tagged mysql but you try to use `System.Data.SqlClient` which is being used for MS SQL Server. And this is not the whole text of the Exception. Edit your question and add your new connectionstring and the whole exception. – MatSnow Nov 16 '17 at 11:11