Database

 
General: Re: Dynamically Add Column Name
Corporal Agarn, 30-Apr-15 6:38
Answer: Re: Dynamically Add Column Name
Corporal Agarn, 29-Apr-15 5:37
General: Re: Dynamically Add Column Name
MadDashCoder, 30-Apr-15 6:11
Question: Starting a SSIS 2012 DTSX package without validating it?
Dr Miroslav Stimac, 29-Apr-15 1:39
Answer: Re: Starting a SSIS 2012 DTSX package without validating it?
Snorri Kristjansson, 22-May-15 1:39
Question: database
surender singh, 28-Apr-15 22:01
Answer: Re: database
Richard MacCutchan, 28-Apr-15 23:05
Answer: Re: database
Richard Deeming, 29-Apr-15 1:55
In addition to the SQL Injection vulnerability, you're also storing passwords in plain text. You should only ever store a salted hash of the user's password.

You should also wrap the connection and command objects in Using blocks, to ensure that their resources are properly cleaned up.

You should also give your controls proper names, so that their meaning is obvious. Using the default names (TextBox1, TextBox2, etc.) will only confuse you when you come back to this code later.

To fix the immediate problem, use a parameterized query:
VB.NET
Using con As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\surendera\Documents\student.accdb")
    Using cmd As New OleDbCommand("INSERT into user_acnt (user_name, pas_word) values (?, ?)", con)
        
        ' OleDb doesn't use named parameters, so the names don't matter here:
        cmd.Parameters.AddWithValue("p0", login.UserNameTextBox.Text)
        cmd.Parameters.AddWithValue("p1", login.PasswordTextBox.Text)
        
        con.Open()
        cmd.ExecuteNonQuery()
    End Using
End Using


Then, go and read the following articles, and change your database design to store the passwords securely:
Secure Password Authentication Explained Simply
Salted Password Hashing - Doing it Right



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer


Question: MySQL Server does not show up in Installer
QuickBooksDev, 28-Apr-15 0:26
Answer: Re: MySQL Server does not show up in Installer
Herman<T>.Instance, 29-Apr-15 9:57
Question: Doubt in Oracle table
Balaji Naidu, 27-Apr-15 9:39
Question: Re: Doubt in Oracle table
Richard Deeming, 27-Apr-15 10:21
Answer: Re: Doubt in Oracle table
Balaji Naidu, 27-Apr-15 10:26
Answer: Re: Doubt in Oracle table
Sascha Lefèvre, 27-Apr-15 15:15
Question: Order By
jkirkerx, 26-Apr-15 11:57
Answer: Re: Order By
David Mujica, 27-Apr-15 3:37
General: Re: Order By
jkirkerx, 27-Apr-15 6:40
Question: Better way of matching a customer address
jkirkerx, 24-Apr-15 6:25
Answer: Re: Better way of matching a customer address
jkirkerx, 24-Apr-15 6:40
General: Re: Better way of matching a customer address
PIEBALDconsult, 24-Apr-15 7:47
General: Re: Better way of matching a customer address
jkirkerx, 24-Apr-15 12:31
General: Re: Better way of matching a customer address
PIEBALDconsult, 24-Apr-15 12:36
General: Re: Better way of matching a customer address
jkirkerx, 24-Apr-15 12:50
Answer: Re: Better way of matching a customer address
jschell, 26-Apr-15 7:26
General: Re: Better way of matching a customer address
jkirkerx, 26-Apr-15 8:34