This error showed up when I tried to login on my application... My suspicion is that SqlDbType.VarChar ( it has an integer of 22 ) is not detected by Visual Basic or MySql Connector is bugged... But, what do you think of this?
The VarChar ID is not detected...
Here's the code to pressing the login button:
Private Sub loginMenu_Click_1(sender As Object, e As EventArgs) Handles loginMenu.Click
Dim val As Integer
If userTextBoxMenu.Text = "" Or passTextBoxMenu.Text = "" Then
MessageBox.Show("Please fill in username and password, please.")
Else
Try
sqlConn.Open()
sqlComm.CommandType = CommandType.Text
'sqlComm.CommandText = "SELECT * FROM admin_account WHERE username = '" & userTextBoxMenu.Text & "' AND password = '" & passTextBoxMenu.Text & "'"
sqlComm.CommandText = "SELECT * FROM admin_account WHERE username = @userN AND password = @passW;"
sqlAdap = New MySqlDataAdapter(sqlComm.CommandText, sqlConn)
sqlComm.Parameters.Add("@userN", SqlDbType.VarChar, 20)
sqlComm.Parameters("@userN").Value = userTextBoxMenu.Text
sqlComm.Parameters.Add("@passW", SqlDbType.VarChar, 20).Value = passTextBoxMenu.Text
sqlComm.Parameters("@passW").Value = passTextBoxMenu.Text
val = sqlAdap.Fill(dataTab)
sqlConn.Close()
If val = 1 Then
statusLabelMenu.Text = "Logged In"
sqlComm.Parameters.Clear()
ElseIf val = 0 Then
userTextBoxMenu.Text = ""
passTextBoxMenu.Text = ""
MessageBox.Show("Invalid username or password!")
sqlComm.Parameters.Clear()
ElseIf val > 1 Then
userTextBoxMenu.Text = ""
passTextBoxMenu.Text = ""
MessageBox.Show("WARNING! SQL injection attack detected. Authorities noted.")
sqlComm.Parameters.Clear()
End If
Catch ex As Exception
Console.WriteLine(ex.Message)
MessageBox.Show(ex.Message)
End Try
End If
End Sub
CodePudding user response:
SqlDbType is for use with the SqlClient provider for SQL Server. Not surprisingly, the MySqlDbType enumeration is for use with the MySqlClient provider for MySQL.