HELP! ! With my reader = cm.executereader invalid operation exception was un handled

Question

1.00/5 (1 vote)

See more:

can someone help me with this error i can't still figure it out why it gives a runtime error message qoute "An unhandled exception of type

'System.InvalidOperationException' occurred in MySql.Data.dll"

can someone correct my code please TIA

What I have tried:

VB

Imports MySql.Data.MySqlClient


Public Class Login
    Public cn As New MySqlConnection("server=localhost;user id=root;password=root;database=elmasgarden")
    Dim cm As New MySqlCommand
    Dim Reader As MySqlDataReader
    Function EscapeQuote(ByVal msData As Object) As String
        Return (Replace(msData, "'", "''"))
    End Function
    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles btnlogin.Click
        Try
            Dim str_user, str_pass As String
            Dim query As String
            DbOpen()
            query = "Select * from login where Username= '" & EscapeQuote(txtuser.Text) & "' AND Password = '" & EscapeQuote(txtpass.Text) & "'"
            cm = New MySqlCommand(query, cn)
            'fatality
            Reader = cm.ExecuteReader
            'ai wins

            Reader.Read()

            If Reader.HasRows Then
                'login success
                str_pass = Reader.Item("Password").ToString
                str_user = Reader.Item("Username").ToString
                lblname.Text = Reader.GetString(1)
                lblusertype.Text = Reader.GetString(5)

            Else
                str_pass = ""
                str_user = ""
                lblname.Text = ""
                lblusertype.Text = ""
            End If


            If txtuser.Text = "" Or txtpass.Text = "" Then
                MsgBox("Please Enter Username and Password", MsgBoxStyle.Information, "")
            ElseIf StrComp(txtuser.Text, str_user, CompareMethod.Binary) Or StrComp(txtpass.Text, str_pass, CompareMethod.Binary) Then
                MsgBox("Invalid Username or Password!", MsgBoxStyle.Exclamation, "")
            End If
            

            Me.Dispose()


            Panels.ShowDialog()

            txtuser.Clear()
            txtpass.Clear()
            
     Catch ex As MySqlException
            MessageBox.Show(ex.Message)
        Finally
            DbClose()
        End Try
 


    End Sub

Posted 25-Jan-20 7:54am

Marky Angel Kevin Garcia

Updated 25-Jan-20 21:27pm

Wendelius

v3

Add a Solution

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Wendelius · Answer 1 · 2020-01-25T07:57:00

Solution 1

As said earlier, in order to make your SQL statement work safely and correctly, you need to use parameters. For an example, see MySQL :: MySQL Connector/NET Developer Guide :: 5.6.1 Preparing Statements in Connector/NET[^]

Also, you still try to save the password as plain text. There is no shortcut, you need to make appropriate changes for the program to work correctly.

Posted 25-Jan-20 7:57am

Wendelius

Updated 25-Jan-20 8:01am

v2

Comments

Marky Angel Kevin Garcia 25-Jan-20 14:03pm

so sorry sir im stilling trying to learn the right ways, thank you again sir its to simple for others but hard for me haha LOL

Wendelius 25-Jan-20 15:35pm

Don't worry, we have all started as beginners. What is hard for you today will be easy for you tomorrow. Just give it a try and you'll notice that it's not that difficult.

And if you get stuck in the process, post a new question in the Q&A along with the code, just like you have done. There are a lot of people here willing to help

Best of luck :)

Patrice T · Answer 2 · 2020-01-25T11:50:00

VB

uery = "Select * from login where Username= '" & EscapeQuote(txtuser.Text) & "' AND Password = '" & EscapeQuote(txtpass.Text) & "'"

Not necessary a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]

Richard MacCutchan · Answer 3 · 2020-01-25T21:28:00

Solution 3

Please read again all the suggestions in your previous question on this subject: Vb.net case sensitive using mysql workbench[^]. As long as you continue to do it the wrong way you are more likely to have problems. The changes you made above do not correct any of the issues.

Posted 25-Jan-20 21:28pm

Richard MacCutchan