Skip to content
Advertisement

vb Directly putting sql data from database into textbox once login is sucessful

I need some help with putting the SQL data from my database directly into Textbox1 (Firstname) and Textbox2 (lastname) once the login is successful. Basically, my code validates the username, password, and email (using the stored password, username, and email from my sql table). Then, its supposed to put the firstname and lastname attached to the username, password, and email into textbox1 and textbox2. However, all the tutorials I’ve tried use a dropdownlist. Can someone please tell me what I need to get that part of my code running correctly? This is the first attempt I made. Here’s my code:

Protected Sub Button5_Click(sender As Object, e As EventArgs) Handles Button5.Click

    If TextBox7.Text = Nothing Then
        MsgBox(“Please enter Username”, vbExclamation, “Error”)
        Exit Sub
    End If

    If TextBox8.Text = Nothing Then
        MsgBox(“Please enter Password”, vbExclamation, “Error”)
        Exit Sub
    End If

    If TextBox9.Text = Nothing Then
        MsgBox(“Please enter Email”, vbExclamation, “Error”)
        Exit Sub
    End If

    Dim un, pw, em, dbUN, dbPW, dbEM As String

    un = TextBox7.Text
    pw = TextBox8.Text
    em = TextBox9.Text

    Dim cmdUN As New SqlCommand("Select UserName from MembershipInfo where UserName = @p1", con)

    With cmdUN.Parameters
        .Clear()
        .AddWithValue("@p1", un)
    End With

    Dim cmdPW As New SqlCommand("Select Password from MembershipInfo where UserName = @p1", con)

    With cmdPW.Parameters
        .Clear()
        .AddWithValue("@p1", un)
    End With

    Dim cmdEM As New SqlCommand("Select Email from MembershipInfo where UserName = @p1", con)

    With cmdEM.Parameters
        .Clear()
        .AddWithValue("@p1", un)
    End With

    Dim cmdPUN As New SqlCommand("Select Firstname, Lastname From MembershipInfo where Username = @p1, Password = @p2, Email = @p3")
    Dim myreader As SqlDataReader

    With cmdPUN.Parameters
        .Clear()
        .AddWithValue("@p1", un)
        .AddWithValue("@p2", pw)
        .AddWithValue("@p3", em)
    End With

    Try
        If con.State = ConnectionState.Closed Then con.Open()
        dbUN = cmdUN.ExecuteScalar
        dbPW = cmdPW.ExecuteScalar
        dbEM = cmdEM.ExecuteScalar
        myreader = cmdPUN.ExecuteReader()
        myreader.Read()

        If myreader.HasRows Then
            TextBox1.Text = myreader.Item("Firstname").ToString
            TextBox2.Text = myreader.Item("Lastname").ToString
        End If

    Catch ex As Exception
        Response.Write(ex.Message)
    Finally
        con.Close()
    End Try

    If (un = dbUN And pw = dbPW And em = dbEM) Then
        MsgBox("Login Sucessful", vbExclamation, "Welcome")

    Else

        If un <> dbUN Then
            MsgBox("Username does not match, please try again", vbExclamation, "Error")

        Else

            If pw <> dbPW Then
                MsgBox("Password does not match, please try again", vbExclamation, "Error")

            Else

                If em <> dbEM Then
                    MsgBox("Email does not match, please try again", vbExclamation, "Error")
                End If

            End If

        End If

    End If

    TextBox7.Text = String.Empty
    TextBox8.Text = String.Empty
    TextBox9.Text = String.Empty

End Sub

Advertisement

Answer

I would have thought that an email could uniquely identify your user and a User Name would be unnecessary. You should NEVER store passwords as plain text. I already gave explanations in my last answer to you. I hope you go back and look. I gave your controls descriptive names and I suggest you do the same.

Protected Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
    If Not ValidateInput() Then
        Exit Sub
    End If
    Dim dt As DataTable
    Try
        dt = ValidateUser(txtUserName.Text, txtEmail.Text, txtPassword.Text)
    Catch ex As Exception
        Response.Write(ex.Message)
        Exit Sub
    End Try
    If dt.Rows.Count > 0 Then
        txtFirstName.Text = dt(0)("Firstname").ToString
        txtLastName.Text = dt(0)("Lastname").ToString
        MsgBox("Login Sucessful", vbExclamation, "Welcome")
        txtUserName.Text = String.Empty
        txtEmail.Text = String.Empty
        txtPassword.Text = String.Empty
    End If
End Sub

Private Function ValidateInput() As Boolean
    If txtUserName.Text = Nothing Then
        MsgBox(“Please enter Username”, vbExclamation, “Error”)
        Return False
    End If

    If txtEmail.Text = Nothing Then
        MsgBox(“Please enter Email”, vbExclamation, “Error”)
        Return False
    End If

    If txtPassword.Text = Nothing Then
        MsgBox(“Please enter Password”, vbExclamation, “Error”)
        Return False
    End If
    Return True
End Function

Private Function ValidateUser(UName As String, Email As String, PWord As String) As DataTable
    Dim dt As New DataTable
    Using cn As New SqlConnection("Your connection string."),
            cmdUN As New SqlCommand("Select FirstName, LastName from MembershipInfo where UserName = @User And Email = @Email And Password = @Password", cn)
        cmdUN.Parameters.Add("@User", SqlDbType.VarChar).Value = UName
        cmdUN.Parameters.Add("@Email", SqlDbType.VarChar).Value = Email
        cmdUN.Parameters.Add("@Password", SqlDbType.VarChar).Value = PWord
        cn.Open()
        Using reader = cmdUN.ExecuteReader
            dt.Load(reader)
        End Using
    End Using
    Return dt
End Function
User contributions licensed under: CC BY-SA
8 People found this is helpful
Advertisement