database
-
Dim cn As String
con.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\surendera\Documents\student.accdb"
cn = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\Users\\surendera\\Documents\\student.accdb"
con = New OleDbConnection(cn)
cmd.Connection = con
con.Open()
cmd.CommandText = "INSERT into user_acnt(user_name,pas_word) values('" + login.TextBox1.Text + "' ," + login.TextBox2.Text.ToString + ")"
cmd.ExecuteNonQuery()
MsgBox("record successfully saved", vbInformation)
con.Close()

What is the problem in this code? When I run this code it says no value given for some parameter. This code is written within a VB class named class1 and the table name is useracnt. Please suggest a solution.
surendera singh
-
There seems to be some confusing code there; you have the connection string twice. You are also using string concatenation in your INSERT statement, which leaves you open to SQL injection attacks, and the loss or destruction of your database. You are also displaying the message "record successfully saved" without checking that it actually has been, so leading to other errors that you will not know about. I suggest getting hold of some learning materials before going any further.
-
In addition to the SQL Injection vulnerability, you're also storing passwords in plain text. You should only ever store a salted hash of the user's password.

You should also wrap the connection and command objects in Using blocks, to ensure that their resources are properly cleaned up.

You should also give your controls proper names, so that their meaning is obvious. Using the default names (TextBox1, TextBox2, etc.) will only confuse you when you come back to this code later.

To fix the immediate problem, use a parameterized query:

Using con As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\surendera\Documents\student.accdb")
    Using cmd As New OleDbCommand("INSERT into user_acnt (user_name, pas_word) values (?, ?)", con)
        ' OleDb doesn't use named parameters, so the names don't matter here:
        cmd.Parameters.AddWithValue("p0", login.UserNameTextBox.Text)
        cmd.Parameters.AddWithValue("p1", login.PasswordTextBox.Text)

        con.Open()
        cmd.ExecuteNonQuery()
    End Using
End Using

Then, go and read the following articles, and change your database design to store the passwords securely:
Secure Password Authentication Explained Simply
Salted Password Hashing - Doing it Right
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer