Wrox Programmer Forums
|
VB.NET 2002/2003 Basics For coders who are new to Visual Basic, working in .NET versions 2002 or 2003 (1.0 and 1.1).
Welcome to the p2p.wrox.com Forums.

You are currently viewing the VB.NET 2002/2003 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old February 13th, 2008, 08:19 AM
Authorized User
  
Join Date: Dec 2006
Posts: 35
Thanks: 0
Thanked 0 Times in 0 Posts
Default LogIn Error
I am getting an error that reads:

Line 1:Incorrect syntax near 'Username'


This error happens at a point in my code when i am verifying a users creadentials.

Dim saved As String = hdcmd.ExecuteScalar()

Please advice
 
Old February 13th, 2008, 08:44 AM
Friend of Wrox
  
Join Date: Oct 2007
Posts: 130
Thanks: 0
Thanked 3 Times in 3 Posts
Send a message via AIM to urtrivedi
Default
your sql command text may contain some error. Please post your sql query.

urt

Help yourself by helping someone.
 
Old February 13th, 2008, 10:19 AM
Authorized User
  
Join Date: Dec 2006
Posts: 35
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Hello urt

hdstr = "SELECT Password FROM LogFile WHERE Username=' & UsernameTextBox.Text & "'"
hdcmd = New SqlCommand(hdstr, hdcon)
hdcmd.Parameters.Add(New SqlParameter("Username", UsernameTextBox.Text))

the last line is what i beleive is throwing the error.

Thanks
asters
 
Old February 13th, 2008, 11:51 AM
planoie's Avatar
Friend of Wrox
  
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default
You are mixing apples and oranges. Either build the full query or use parameters (I'd recommend the latter). In this case you are not providing the sql command a username variable to fill in. Try something like this:

hdstr = "SELECT Password FROM LogFile WHERE Username=@UserName"
hdcmd = New SqlCommand(hdstr, hdcon)
hdcmd.Parameters.Add(New SqlParameter("@Username", UsernameTextBox.Text))

Doing this will also help reduce your suseptibility to SQL injection attacks. Someone could put in a value into your username textbox that looks like this:

   '; <some some really bad database stuff here>; select '

That would execute the second part of the query because they put in the quote delimiters that close the username value.

-Peter
 
Old February 15th, 2008, 03:56 AM
Authorized User
  
Join Date: Dec 2006
Posts: 35
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Thank you this worked.





Similar Threads
Thread Thread Starter Forum Replies Last Post
Login Timeout Expired error smnel ASP.NET 2.0 Basics 0 May 7th, 2008 06:58 AM
Login Error lem ASP.NET 2.0 Basics 1 November 16th, 2007 09:28 AM
Login error: session_start() gamber Beginning PHP 2 April 27th, 2006 10:25 AM
Error while creating login page manash.2005 BOOK: ASP.NET Website Programming Problem-Design-Solution 1 January 28th, 2006 07:53 AM
Login Page Parser Error? [email protected] Classic ASP Databases 3 July 27th, 2004 02:15 PM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.