Home/ Questions/Q 6722737
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T09:28:57+00:00

I have implemented a code for user validation in VB.NET. When I enter the

  • 0

I have implemented a code for user validation in VB.NET. When I enter the user name and password in the textboxes of my form, and click the submit button , no message box is displayed even when I have written a code for it . Is there some problem in the try-catch block or am I missing some lines of code?

Can someone point out what’s wrong in this code ?

       Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As  System.EventArgs) Handles Button1.Click

    If TextBox1.Text = "" Or TextBox2.Text = " " Then
        MsgBox("Enter a user id and password")
    End If
    TextBox1.Text = userid
    TextBox2.Text = password

    Try
        myconnection = New SqlConnection("server=PARTH-PC\SQLEXPRESS;uid=sa;pwd=demo;database=fc")
        'you need to provide password for sql server
        myconnection.Open()

        mycommand = New SqlCommand("select * from student where user id='" &  TextBox1.Text & "' and password='" & TextBox2.Text & "')", myconnection)
        dr = mycommand.ExecuteReader()

    Catch ex As Exception
    Finally



        If (dr IsNot Nothing) Then

            If (dr.Read()) Then

                MsgBox("User is authenticated")
                Form2.Show()



            Else
                MsgBox("Please enter correct username and password")
            End If


        End If

    End Try

    myconnection.Close()
      End Sub
    End Class
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Use Trim() and Length methods or String.IsNullOrWhiteSpace() (.net framework 4) to check empty or zero length string.

     If TextBox1.Text.Trim().Length = 0 Or TextBox2.Text.Trim().Length = 0 Then
   MsgBox("Enter a user id and password")
   Return 'Terminate this method
 End If

    Wrong assignment here,

     Dim userid=TextBox1.Text
 Dim password=TextBox2.Text

    Another issue is use of hard coded sql statement.

    myconnection = New SqlConnection("server=PARTH-PC\SQLEXPRESS;uid=sa;pwd=demo;database=fc")
mycommand = New SqlCommand("select * from student where [user id]=@userid and [password]=@password",myconnection)
mycommand.Parameters.Add("@userid",SqlDbType.VarChar,30).Value = userid
mycommand.Parameters.Add("@password",SqlDbType.VarChar,30).Value = password

myconnection.Open()
dr = mycommand.ExecuteReader()
Dim isFound as boolean  = false
if dr.Read() Then
   isFound=true
End If
dr.Close()
myConnection.Close()

if IsFound Then
   MsgBox("User is authenticated")
   Form2.Show()
Else
   MsgBox("Please enter correct username and password")
End If
    • 0