AN unhandled exception of type 'system.data.sqlclient.sqlException' occured in system.data.dll

Question

0.00/5 (No votes)

See more:

VB

Imports System.Data
Imports System.Data.SqlClient


Public Class LoginForm1
    
    Dim da As SqlDataAdapter
    Dim ds As DataSet
    Dim query As String
    Dim sqlq As String

    Private Sub DELETETIME()
        If con.State = ConnectionState.Open Then con.Close()
        con.Open()

        
        query = "DELETE FROM USERLOG WHERE USERID='" & USERNAME & "'"

        COMMAND = New SqlCommand(query, con)
        COMMAND.ExecuteNonQuery()

    End Sub


    
    Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
        Dim CMD As SqlCommand
        If con.State = ConnectionState.Open Then con.Close()
        con.Open()

        query = "select * from USERLOGIN where USERID='" & txtUsername.Text & "'and UPASSWORD='" & txtPasswd.Text & "'"

        da = New SqlDataAdapter(query, con)
        ds = New DataSet
        da.Fill(ds)
        If ds.Tables(0).Rows.Count > 0 Then
            'valid user
            USERNAME = txtUsername.Text

            USERTYPE = ds.Tables(0).Rows(0).Item(3)
            logintime = Now
            DELETETIME()

            If con.State = ConnectionState.Open Then con.Close()
            con.Open()

            'query = "UPDATE USERLOG SET ULOGDATE='" & Today & "',ULOGINTIME='" & Now & "' WHERE USERID='" & USERNAME & "'"
            query = "INSERT INTO USERLOG VALUES('" & txtUsername.Text & "','" & Today & "','" & Now.TimeOfDay.ToString & "')"

            CMD = New SqlCommand(query, con)
            CMD.ExecuteNonQuery()


            con.Open()
            

            con.Close()


            frmMDIMain.Show()
            Me.Hide()


        Else
            MsgBox("INVALID LOGIN")
            
        End If

        txtUsername.Text = ""
        txtPasswd.Text = ""
        txtUsername.Focus()


    End Sub

    Private Sub Cancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        'Me.Close()
        End
    End Sub

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        txtUsername.Text = ""
        txtPasswd.Text = ""
        txtUsername.Focus()

    End Sub

    Private Sub LoginForm1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Call myConnection()
        txtUsername.Focus()

    End Sub

    
End Class

when I run it."AN unhandled exception of type 'system.data.sqlclient.sqlException' occured in system.data.dll" this run time error is obtained.

how can I over come from this??

Posted 22-Feb-14 3:01am

Member 10616959

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

NeverJustHere · Answer 1 · 2014-02-22T03:11:00

Examine the details in the exception you are getting. This will give some insight into why SQL is throwing an exception.

Looking at the code there are a couple of things that might be the problem.

- What if the username contains an apostrophe (e.g. O'Neil).
- Are the date and time provided compatible with the databases expectation.

The best way of solving both these problems is to use Parameterized Queries.

This also has the advantage of removing a massive security issue with what you are doing. The way you are constructing SQL strings is a common defect, and has been used many times by hackers to break into systems. Parameterized queries eliminates this.