I need some help with putting the SQL data from my database directly into Textbox1 (Firstname) and Textbox2 (lastname) once the login is successful. Basically, my code validates the username, password, and email (using the stored password, username, and email from my sql table). Then, its supposed to put the firstname and lastname attached to the username, password, and email into textbox1 and textbox2. However, all the tutorials I've tried use a dropdownlist. Can someone please tell me what I need to get that part of my code running correctly? This is the first attempt I made. Here's my code:
Protected Sub Button5_Click(sender As Object, e As EventArgs) Handles Button5.Click
If TextBox7.Text = Nothing Then
MsgBox(“Please enter Username”, vbExclamation, “Error”)
Exit Sub
End If
If TextBox8.Text = Nothing Then
MsgBox(“Please enter Password”, vbExclamation, “Error”)
Exit Sub
End If
If TextBox9.Text = Nothing Then
MsgBox(“Please enter Email”, vbExclamation, “Error”)
Exit Sub
End If
Dim un, pw, em, dbUN, dbPW, dbEM As String
un = TextBox7.Text
pw = TextBox8.Text
em = TextBox9.Text
Dim cmdUN As New SqlCommand("Select UserName from MembershipInfo where UserName = @p1", con)
With cmdUN.Parameters
.Clear()
.AddWithValue("@p1", un)
End With
Dim cmdPW As New SqlCommand("Select Password from MembershipInfo where UserName = @p1", con)
With cmdPW.Parameters
.Clear()
.AddWithValue("@p1", un)
End With
Dim cmdEM As New SqlCommand("Select Email from MembershipInfo where UserName = @p1", con)
With cmdEM.Parameters
.Clear()
.AddWithValue("@p1", un)
End With
Dim cmdPUN As New SqlCommand("Select Firstname, Lastname From MembershipInfo where Username = @p1, Password = @p2, Email = @p3")
Dim myreader As SqlDataReader
With cmdPUN.Parameters
.Clear()
.AddWithValue("@p1", un)
.AddWithValue("@p2", pw)
.AddWithValue("@p3", em)
End With
Try
If con.State = ConnectionState.Closed Then con.Open()
dbUN = cmdUN.ExecuteScalar
dbPW = cmdPW.ExecuteScalar
dbEM = cmdEM.ExecuteScalar
myreader = cmdPUN.ExecuteReader()
myreader.Read()
If myreader.HasRows Then
TextBox1.Text = myreader.Item("Firstname").ToString
TextBox2.Text = myreader.Item("Lastname").ToString
End If
Catch ex As Exception
Response.Write(ex.Message)
Finally
con.Close()
End Try
If (un = dbUN And pw = dbPW And em = dbEM) Then
MsgBox("Login Sucessful", vbExclamation, "Welcome")
Else
If un <> dbUN Then
MsgBox("Username does not match, please try again", vbExclamation, "Error")
Else
If pw <> dbPW Then
MsgBox("Password does not match, please try again", vbExclamation, "Error")
Else
If em <> dbEM Then
MsgBox("Email does not match, please try again", vbExclamation, "Error")
End If
End If
End If
End If
TextBox7.Text = String.Empty
TextBox8.Text = String.Empty
TextBox9.Text = String.Empty
End Sub
CodePudding user response:
I would have thought that an email could uniquely identify your user and a User Name would be unnecessary. You should NEVER store passwords as plain text. I already gave explanations in my last answer to you. I hope you go back and look. I gave your controls descriptive names and I suggest you do the same.
Protected Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
If Not ValidateInput() Then
Exit Sub
End If
Dim dt As DataTable
Try
dt = ValidateUser(txtUserName.Text, txtEmail.Text, txtPassword.Text)
Catch ex As Exception
Response.Write(ex.Message)
Exit Sub
End Try
If dt.Rows.Count > 0 Then
txtFirstName.Text = dt(0)("Firstname").ToString
txtLastName.Text = dt(0)("Lastname").ToString
MsgBox("Login Sucessful", vbExclamation, "Welcome")
txtUserName.Text = String.Empty
txtEmail.Text = String.Empty
txtPassword.Text = String.Empty
End If
End Sub
Private Function ValidateInput() As Boolean
If txtUserName.Text = Nothing Then
MsgBox(“Please enter Username”, vbExclamation, “Error”)
Return False
End If
If txtEmail.Text = Nothing Then
MsgBox(“Please enter Email”, vbExclamation, “Error”)
Return False
End If
If txtPassword.Text = Nothing Then
MsgBox(“Please enter Password”, vbExclamation, “Error”)
Return False
End If
Return True
End Function
Private Function ValidateUser(UName As String, Email As String, PWord As String) As DataTable
Dim dt As New DataTable
Using cn As New SqlConnection("Your connection string."),
cmdUN As New SqlCommand("Select FirstName, LastName from MembershipInfo where UserName = @User And Email = @Email And Password = @Password", cn)
cmdUN.Parameters.Add("@User", SqlDbType.VarChar).Value = UName
cmdUN.Parameters.Add("@Email", SqlDbType.VarChar).Value = Email
cmdUN.Parameters.Add("@Password", SqlDbType.VarChar).Value = PWord
cn.Open()
Using reader = cmdUN.ExecuteReader
dt.Load(reader)
End Using
End Using
Return dt
End Function