
Need Help with my Login Button Pls help me

3 replies to this topic

#1
BrandonLim90


    Newbie

  • Members
  • Pip
  • 2 posts
I am new to programming as well, so I might ask some very idiotic questions, and I hope you guys can lend me a hand on my journey to become a programmer. I was using Visual Studio Ultimate 2010 for my programming, and I am using Microsoft Access 2010 for my database.

Well, this is my problem: when I try to log in with the account that I set in my database, it shows me "Syntax error in string in query expression 'Username = 'admin'AND Password = '1234;'." (Note: admin and 1234 are the username and password that I saved in my database.)

And my database structure is something like this:

Staff_ID | Staff_Name | Staff_NRIC | Staff_Gender | Staff_Position | Username | Password

Staff_ID = AutoNumber
Staff_Name = Text
Staff_NRIC = Text
Staff_Gender = Text
Staff_Position = Text (take note of this field's properties: Display Control = Combo box, Row Source = Administrator;"Manager";"Receptionist")
Username = Text
Password = Text

So I hope anyone can lend me a hand on this one. Thanks to those who are replying and helping me.


    Private Sub BtmLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BtmLogIn.Click
        Dim Username As String = usernametxt.Text
        Dim Password As String = passwordtxt.Text
        Dim goahead As Boolean = True
        Dim PathToDatabase As String = CurDir() & "\PC Cyber Cafe Staff Database.accdb"
        Dim ConnectionStringToDatabase As String

        If System.IO.File.Exists(PathToDatabase) = False Then
            MsgBox("Database does not exist at this location : " & vbCrLf & PathToDatabase)
            Exit Sub
        End If

        ConnectionStringToDatabase = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & _
            PathToDatabase & _
            ";Persist Security Info=True"
        Dim con As New OleDb.OleDbConnection(ConnectionStringToDatabase)
        Dim sql As New OleDb.OleDbCommand

        sql.CommandText = "SELECT * FROM Staff WHERE Username = '" & Username & "'AND Password = '" & Password & ";"
        sql.Connection = con

        Dim Da As New OleDb.OleDbDataAdapter(sql)
        Dim Dt As New DataTable
        Da.Fill(Dt)
        Dim Position As String

        If Dt.Rows.Count > 0 Then
            goahead = True
            Position = Dt.Rows(0).Item(4)
            If Position = "Administrator" Then
                MsgBox("Administrator Account Detected")
                FrmManagerMainMenu.Show()
                FrmReceptionistMainMenu.Show()
            ElseIf Position = "Manager" Then
                MsgBox("Manager Account Detected")
                FrmManagerMainMenu.Show()
            ElseIf Position = "Receptionist" Then
                MsgBox("Receptionist Account Detected")
                FrmReceptionistMainMenu.Show()
            End If
            Me.Close()
        Else
            MsgBox("Login failed! Invalid Username or Password input!")
            usernametxt.Clear()
            passwordtxt.Clear()
            usernametxt.Focus()
        End If
    End Sub



#2
cdg10620


    Programming Expert

  • Members
  • PipPipPipPipPipPip
  • 389 posts
In your command text line it should read like this:


    sql.CommandText = "SELECT * FROM staff WHERE Username = '" & Username & "' AND Password = '" & Password & "'"


I don't believe you need a semicolon at the end. The reason you're getting a syntax error is because you don't have an ending single quote after your parameter Password. Try adding that and see if it fixes your issue. If not let me know. :) Happy Coding!
-CDG10620
Software Developer

#3
BrandonLim90


    Newbie

  • Members
  • Pip
  • 2 posts
Thanks cdg10620. It works. Thanks for the help. Now I have learned something new. This site really is something. I go to other forums and no one can help me find the solution. This site is the best.

#4
Mark Wylde


    Learning Programmer

  • Members
  • PipPipPip
  • 46 posts
Just on a side note, you might want to make sure you escape your Username and Password fields. For example, replacing any apostrophes with double apostrophes or removing them completely. There may be other characters as well. For more information see SQL Injection on Google or this site.
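
Added example, not part of any post in this thread: the login lookup rewritten with OleDb parameters, so an apostrophe in either field can neither break the query (the syntax error from the first post) nor change it (the SQL injection concern raised in the last reply). The function name `FindStaffPosition` and the sample inputs are assumptions; the table, column names and database file name come from the first post.

```vb
Imports System
Imports System.Data.OleDb

Module LoginLookup
    ' Added example (not from the thread). Returns the Staff_Position of the
    ' matching account, or Nothing when no row matches.
    Function FindStaffPosition(ByVal connectionString As String,
                               ByVal username As String,
                               ByVal password As String) As String
        ' OleDb placeholders are positional: each ? is filled by the parameter
        ' added at the same position. The values travel separately from the SQL
        ' text, so quotes in the input are data and are never parsed as SQL.
        ' Column names are bracketed, which Access accepts for any identifier.
        Const query As String =
            "SELECT Staff_Position FROM Staff WHERE [Username] = ? AND [Password] = ?"

        Using con As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand(query, con)
                ' Parameter names are ignored by OleDb; only the order matters.
                cmd.Parameters.Add("@user", OleDbType.VarWChar, 255).Value = username
                cmd.Parameters.Add("@pass", OleDbType.VarWChar, 255).Value = password
                con.Open()
                Dim result As Object = cmd.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return Nothing
                End If
                Return CStr(result)
            End Using
        End Using
    End Function

    Sub Main()
        ' File name taken from the first post; assumes the Staff table shown there.
        Dim cs As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" &
            System.IO.Path.Combine(CurDir(), "PC Cyber Cafe Staff Database.accdb")
        ' Constructed inputs: a name containing an apostrophe is handled as plain data.
        For Each name As String In {"admin", "o'neil"}
            Dim position As String = FindStaffPosition(cs, name, "1234")
            Console.WriteLine("{0}: {1}", name, If(position, "no match"))
        Next
    End Sub
End Module
```

Selecting `Staff_Position` by name also removes the dependence on column order that `Dt.Rows(0).Item(4)` has in the original handler.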



