VB
Protected Sub btnChangepassword_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnChangepassword.Click
       com.Connection = con
       con.Open()
       com.CommandText = "SELECT password FROM signUp WHERE password =@password"
       com.Parameters.Add(New SqlClient.SqlParameter("@password", txtPassword.Text))
       Dim str As String = com.ExecuteScalar
       If str = "" Then
           lblusernametaken.Visible = False


       Else
           lblusernametaken.Visible = True
           Exit Sub
       End If

       Dim sql As String = String.Empty
       sql = "update signUp set password='" & txtNewPassword.Text & "' where empId='" & lblempid.Text & "'"

       Dim cmd As New SqlCommand(sql, con)
       cmd.ExecuteNonQuery()

       con.Close()

   End Sub






What's wrong with this code? Please help.
Comments
Bh@gyesh 21-Apr-14 1:36am    
Hi,
Which error did you get while executing code?
neeraj_ 21-Apr-14 1:58am    
No error, sir.
Just lblusernametaken visible true and exit.
syed shanu 21-Apr-14 2:10am    
Hi, better to create one stored procedure and pass password, newpassword, empid as parameters to the stored procedure, and in the procedure you can do both the select and the update; instead of hitting the DB two times, make it one time.

Hi,

The way you update the password is valid, but it is not a good way. It can be affected by the SQL injection problem. So use a stored procedure to change the password as follows:

SQL
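-- The procedure name was missing in the original answer; usp_ChangePassword is a placeholder.
CREATE PROCEDURE usp_ChangePassword (@Oldpwd varchar(20), @Newpwd varchar(20), @Empid int)
AS
BEGIN
    -- Update only when the old password matches for this employee
    IF EXISTS (SELECT * FROM signUp WHERE password = @Oldpwd AND empid = @Empid)
    BEGIN
        UPDATE signUp SET password = @Newpwd WHERE empid = @Empid
    END
END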


Let me know if you have any questions.
 
Two major things you need to change here:
First, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Second, never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.

When you have fixed those, the chances are your problem will have disappeared anyway...
 
Comments
neeraj_ 21-Apr-14 3:30am    
Sir, can you tell me please how to make my website browser independent?
OriginalGriff 21-Apr-14 3:44am    
What does this have to do with the original question?
neeraj_ 21-Apr-14 3:46am    
No, it's not related to that.
OriginalGriff 21-Apr-14 3:49am    
Then it needs to be a new question, with rather a lot more information!
neeraj_ 21-Apr-14 4:20am    
ok

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


