Home/ Questions/Q 7936515
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T22:14:27+00:00

I am creating a custom log in page using VB in Visual Studio. Every

  • 0

I am creating a custom log in page using VB in Visual Studio. Every time I try logging in, however, I get the following error:
“Incorrect syntax near ‘.'”.
When I put in the wrong username/password combo it recognizes this, but when it is right it will get this error and fail to log in. 

        Private Function VerifyLogin(ByVal UserName As String) As Boolean
    Try
        Dim cnn As New Data.SqlClient.SqlConnection
        cnn.ConnectionString = My.MySettings.Default.RedwoodConnectionString.Replace(";Integrated Security=True", ";Integrated Security=False") & UserSetting
        Dim cmd As New Data.SqlClient.SqlCommand
        cmd.Connection = cnn
        cmd.CommandType = CommandType.Text
        cmd.CommandText = "SELECT COUNT (principal_id) FROM _ sys.database_principals WHERE(name = '" & UserName & "')"
        cnn.Open()
        Dim i As Integer
        i = cmd.ExecuteScalar()
        cnn.Close()
        If (i > 0) Then Return True
        Return False
    Catch ex As Exception
        System.Windows.Forms.MessageBox.Show("Error: " & ex.Message & vbNewLine & "Location: VerifyLogin() in Login.vb" & vbNewLine & "Returned value: False")
        Return False
    End Try
End Function
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Look at this portion of your sql:

    FROM _ sys.database_principals

    See the mistake there? It thinks the _ is the full table name and sys is an alias. At this point, .database_principals is no longer valid, hence your error.

    And while we’re at it, you really need to fix the sql injection vulnerability!!

    • 0