The solution to it is obvious. You are running an SQL command which is supposed to select the user where the conditions are met. Otherwise the results won't be presented to you.
After executing all of the statements, you are looking into the data reader to check for another column value of that user, which is "userType".
You should know that if there is no record found then the value is not matched with either admin or user. That is why, you will always get this message. I know you cannot minimize this error, and so there is no solution. Unless there is a result in the database for this query, and the user would not be matched. To ensure that this error doesn't show up again, make sure,
- You have at least one record in your database table
- User and password fields are matching with the input you provide (for testing)
- userType field is also either "admin" or "user"
Then I believe that this code would work and would return the result that you want to see.
Tip: Never store passwords in plain-text. Hash them and store the hash in the database.
Edit
The problem is that you have replaced the value... In the query if you look,
Dim rs As New SqlCommand("SELECT * FROM [user] WHERE username='" & TextBox1.Text & "' AND passw='" & TextBox2.Text & "'", con)
Dim usernameParam As New SqlParameter("username", Me.TextBox1.Text)
Dim passwordParam As New SqlParameter("passw", Me.TextBox2.Text)
You meant to write the query this way,
Dim rs As New SqlCommand("SELECT * FROM [user] WHERE username=@0 AND passw=@1", con)
Dim usernameParam As New SqlParameter("0", Me.TextBox1.Text)
Dim passwordParam As New SqlParameter("1", Me.TextBox2.Text)
This is the parameterized query, which is now going to be passed as the value for the condition. Run the query now and see the result.
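An added example, not part of the original answer or the asker's code: a login check that combines the three points above (parameterized query, handling the "no record found" case before reading userType, and comparing a password hash instead of plain text). It assumes an already open SqlConnection, that passw stores a 32-byte PBKDF2 hash, and a hypothetical salt column; the names LoginCheck, HashPassword, FixedTimeEquals and GetUserType are illustrative.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

Module LoginCheck
    ' Assumed schema (not from the original post): passw VARBINARY(32) holds a
    ' PBKDF2 hash, and a hypothetical salt VARBINARY(16) column holds a random salt.
    Private Const Iterations As Integer = 100000

    ' Derive the hash with PBKDF2-HMAC-SHA256 (.NET Framework 4.7.2+ / .NET Core 2.0+).
    Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    ' Compare without returning early on the first differing byte.
    Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' Returns "admin" or "user" on success, Nothing when the login fails.
    Function GetUserType(con As SqlConnection, username As String, password As String) As String
        Const sql As String = "SELECT passw, salt, userType FROM [user] WHERE username = @username"
        Using cmd As New SqlCommand(sql, con)
            ' The input travels as a typed value and never becomes part of the SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username
            Using reader As SqlDataReader = cmd.ExecuteReader()
                ' No row means unknown user: stop before reading any column.
                If Not reader.Read() Then Return Nothing
                Dim storedHash As Byte() = DirectCast(reader("passw"), Byte())
                Dim salt As Byte() = DirectCast(reader("salt"), Byte())
                Dim userType As String = reader("userType").ToString()
                If Not FixedTimeEquals(HashPassword(password, salt), storedHash) Then Return Nothing
                ' Accept only the two role values the answer lists.
                If userType = "admin" OrElse userType = "user" Then Return userType
                Return Nothing
            End Using
        End Using
    End Function
End Module
```

The caller shows one generic "invalid username or password" message whenever GetUserType returns Nothing, so the form does not reveal which of the checks failed.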