I have created two form for Login module. One for the admins and one for the customers.
Admin:
Dim con As SqlConnection = New SqlConnection("Data Source=LEGIONPC;Initial Catalog=master;Integrated Security=True")
Dim cmd As SqlCommand = New SqlCommand("select * from tbAdmin where admin_id=' " txtUsername.Text " ' and admin_password='" txtPassword.Text "'", con)
Dim sda As SqlDataAdapter = New SqlDataAdapter(cmd)
Dim dt As DataTable = New DataTable()
sda.Fill(dt)
If (dt.Rows.Count > 0) Then
MessageBox.Show("Correct.", "Log-In")
Else
MessageBox.Show("Invalid.", "Log-In")
End If
Customer:
Dim con As SqlConnection = New SqlConnection("Data Source=LEGIONPC;Initial Catalog=master;Integrated Security=True")
Dim cmd As SqlCommand = New SqlCommand("select * from tbLogin where username=' " txtUsername.Text " ' and pass='" txtPassword.Text "'", con)
Dim sda As SqlDataAdapter = New SqlDataAdapter(cmd)
Dim dt As DataTable = New DataTable()
sda.Fill(dt)
If (dt.Rows.Count > 0) Then
MessageBox.Show("Correct.", "Log-In")
Else
MessageBox.Show("Invalid.", "Log-In")
End If
They are basically just the same, except that both of them are in different form and are based on different tables. But for some reason, the Customer log in is not working, even though the inputs are correct and matches the records in database, it always shows it's invalid.
In database, tbAdmin
's primary key is admin_id
and tbCustomer
's primary key is username
.
Is it possible that it's kind of interrupting the connection because they basically all have the same variable name? But they're in different form and admin log in is perfectly fine.
I would like to apologize, I am new to connecting vb.net to sql.
CodePudding user response:
one thing I notice is you leave a space between the colon Try this
"select * from tbLogin where username='" & txtUsername.Text & "' and pass='" & txtPassword.Text & "'"
Also if you do not want it to be case sensitive you always use 'like'
"select * from tbLogin where username like '" & txtUsername.Text & "' and pass like '" & txtPassword.Text & "'"