please solve my error

Question

1.00/5 (1 vote)

See more:

VB

Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration
Imports System.IO


Public Class login

    Dim cn As SqlConnection = New SqlConnection("Data Source=sohil-pc\sqlexpress;Initial Catalog=kshitij;Integrated Security=True;Pooling=False")



    Private Sub btnbrowse_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnbrowse.Click
        ofdsignature.InitialDirectory = " d:\images"
        If ofdsignature.ShowDialog() <> Windows.Forms.DialogResult.Cancel Then
            lblsignature.Text = ofdsignature.FileName

        End If
    End Sub

    Private Sub lbllogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles lbllogin.Click
        cn.Open()
        Dim cm As SqlCommand = New SqlCommand("select count(*) from Empdetails where EmpUsername=@p1 and EmpPassword=@p2", cn)
        cm.Parameters.Add("@p1", SqlDbType.VarChar).Value = txtusername
        cm.Parameters.Add("@p2", SqlDbType.VarChar).Value = txtpassword
        Dim UserFoundCount As Integer = Convert.ToInt32(cm.ExecuteScalar())
        If UserFoundCount = 1 Then
            'user exists
        ElseIf UserFoundCount = 0 Then
            'user not found
        ElseIf UserFoundCount > 1 Then
            'you have more than one of the same username and password in the table
        End If
        cn.Close()
    End Sub

    Private Sub login_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Try


        Catch ex As Exception
        End Try
    End Sub
End Class

`now i got error like this....
Failed to convert parameter value from a TextBox to a String.
in this line.....
Dim UserFoundCount As Integer = Convert.ToInt32(cm.ExecuteScalar())

Posted 21-Mar-12 6:38am

pandya purvang

Updated 21-Mar-12 6:57am

Orcun Iyigun

v2

Add a Solution

Comments

Sergey Alexandrovich Kryukov 21-Mar-12 12:43pm

OK, and what is the exact type of your TextBox? (There are more than one.) The name of the instance in your code?
--SA

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Answer 1 · 2012-03-21T06:59:00

The short answer would be:

VB

myString = myTextBox.Text

You should always use full type name when asking such questions, and tag the UI library you use. Also, you should mark exact line in your code where the compiler finds an error. Nobody want to waste time on guesswork.

From this code, I can see you are storing the password directly. This is unsafe and never ever should be done. Nobody but the user should ever know the password, even the person with full access to the system. It is never needed for authentication. One of the approaches is using cryptographic hash function:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].

You always compare hash to stored hash, never a password. It is not feasible to get a password from known hash.
Please see my past answers:
verify user name and password in c# form[^],
How to Store a Password[^],
Password saving .NET[^].

Also, you are using path name "d:/images". It will work only on one computer and illegal on systems like Windows 7. There are no situations where a hard-coded path name can be useful, ever. All path names are always calculated during run time based on location of assembly, special directories or some configuration data.

—SA

Subinal · Answer 2 · 2012-03-21T06:45:00

Solution 2

Your error is actually on the

VB.NET

cm.Parameters.Add("@p1", SqlDbType.VarChar).Value = txtusername
cm.Parameters.Add("@p2", SqlDbType.VarChar).Value = txtpassword

It should be

VB.NET

cm.Parameters.Add("@p1", SqlDbType.VarChar).Value = txtusername.Text
cm.Parameters.Add("@p2", SqlDbType.VarChar).Value = txtpassword.Text

Posted 21-Mar-12 6:45am

Subinal

Comments

Sergey Alexandrovich Kryukov 21-Mar-12 12:48pm

Good catch. My 4. I would also add: OP stores the password. This is unsafe and never needed for authentication. One of the approached is using cryptographic hash function.
--SA

Sergey Alexandrovich Kryukov 21-Mar-12 12:59pm

There are other problems. Please see my answer.
--SA