I need some help with putting the SQL data from my database directly into Textbox1 (Firstname) and Textbox2 (lastname) once the login is successful. Basically, my code validates the username, password, and email (using the stored password, username, and email from my sql table). Then, its supposed to put the firstname and lastname attached to the username, password, and email into textbox1 and textbox2. However, all the tutorials I’ve tried use a dropdownlist. Can someone please tell me what I need to get that part of my code running correctly? This is the first attempt I made. Here’s my code:
Protected Sub Button5_Click(sender As Object, e As EventArgs) Handles Button5.Click If TextBox7.Text = Nothing Then MsgBox(“Please enter Username”, vbExclamation, “Error”) Exit Sub End If If TextBox8.Text = Nothing Then MsgBox(“Please enter Password”, vbExclamation, “Error”) Exit Sub End If If TextBox9.Text = Nothing Then MsgBox(“Please enter Email”, vbExclamation, “Error”) Exit Sub End If Dim un, pw, em, dbUN, dbPW, dbEM As String un = TextBox7.Text pw = TextBox8.Text em = TextBox9.Text Dim cmdUN As New SqlCommand("Select UserName from MembershipInfo where UserName = @p1", con) With cmdUN.Parameters .Clear() .AddWithValue("@p1", un) End With Dim cmdPW As New SqlCommand("Select Password from MembershipInfo where UserName = @p1", con) With cmdPW.Parameters .Clear() .AddWithValue("@p1", un) End With Dim cmdEM As New SqlCommand("Select Email from MembershipInfo where UserName = @p1", con) With cmdEM.Parameters .Clear() .AddWithValue("@p1", un) End With Dim cmdPUN As New SqlCommand("Select Firstname, Lastname From MembershipInfo where Username = @p1, Password = @p2, Email = @p3") Dim myreader As SqlDataReader With cmdPUN.Parameters .Clear() .AddWithValue("@p1", un) .AddWithValue("@p2", pw) .AddWithValue("@p3", em) End With Try If con.State = ConnectionState.Closed Then con.Open() dbUN = cmdUN.ExecuteScalar dbPW = cmdPW.ExecuteScalar dbEM = cmdEM.ExecuteScalar myreader = cmdPUN.ExecuteReader() myreader.Read() If myreader.HasRows Then TextBox1.Text = myreader.Item("Firstname").ToString TextBox2.Text = myreader.Item("Lastname").ToString End If Catch ex As Exception Response.Write(ex.Message) Finally con.Close() End Try If (un = dbUN And pw = dbPW And em = dbEM) Then MsgBox("Login Sucessful", vbExclamation, "Welcome") Else If un <> dbUN Then MsgBox("Username does not match, please try again", vbExclamation, "Error") Else If pw <> dbPW Then MsgBox("Password does not match, please try again", vbExclamation, "Error") Else If em <> dbEM Then MsgBox("Email does not match, please try again", vbExclamation, "Error") End If End If End If End If TextBox7.Text = String.Empty TextBox8.Text = String.Empty TextBox9.Text = String.Empty End Sub
Advertisement
Answer
I would have thought that an email could uniquely identify your user and a User Name would be unnecessary. You should NEVER store passwords as plain text. I already gave explanations in my last answer to you. I hope you go back and look. I gave your controls descriptive names and I suggest you do the same.
Protected Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click If Not ValidateInput() Then Exit Sub End If Dim dt As DataTable Try dt = ValidateUser(txtUserName.Text, txtEmail.Text, txtPassword.Text) Catch ex As Exception Response.Write(ex.Message) Exit Sub End Try If dt.Rows.Count > 0 Then txtFirstName.Text = dt(0)("Firstname").ToString txtLastName.Text = dt(0)("Lastname").ToString MsgBox("Login Sucessful", vbExclamation, "Welcome") txtUserName.Text = String.Empty txtEmail.Text = String.Empty txtPassword.Text = String.Empty End If End Sub Private Function ValidateInput() As Boolean If txtUserName.Text = Nothing Then MsgBox(“Please enter Username”, vbExclamation, “Error”) Return False End If If txtEmail.Text = Nothing Then MsgBox(“Please enter Email”, vbExclamation, “Error”) Return False End If If txtPassword.Text = Nothing Then MsgBox(“Please enter Password”, vbExclamation, “Error”) Return False End If Return True End Function Private Function ValidateUser(UName As String, Email As String, PWord As String) As DataTable Dim dt As New DataTable Using cn As New SqlConnection("Your connection string."), cmdUN As New SqlCommand("Select FirstName, LastName from MembershipInfo where UserName = @User And Email = @Email And Password = @Password", cn) cmdUN.Parameters.Add("@User", SqlDbType.VarChar).Value = UName cmdUN.Parameters.Add("@Email", SqlDbType.VarChar).Value = Email cmdUN.Parameters.Add("@Password", SqlDbType.VarChar).Value = PWord cn.Open() Using reader = cmdUN.ExecuteReader dt.Load(reader) End Using End Using Return dt End Function