Good day everyone. I am working on my thesis. I have a database and table in SQL Server 2012. The table is tblLogin, where the temporary Username and Password were saved. I want to change the Password through VB.NET. I'm going to input the current Username and Password; if they match in SQL, I can change the current password by inputting the new password. For example:

Username : admin
Password: 1233

In the VB.NET design I have:

Input current Username: admin
Input current Password : 1234
Input New Password: 4321
Repeat Password: 4321

Then I have an OKAY button that will save the new password.

What I have tried:

Imports System.Data.SqlClient

Public Class MyAcct

    Public dr As SqlDataReader

    Private Sub OKAY_Click(sender As Object, e As EventArgs) Handles OKAY.Click

        Dim objConnection As SqlConnection = New SqlConnection("Server=(localdb)\MSSQLLocalDB;database=CMdb;Integrated Security=True")
        objConnection.Open()
        Dim objCommand As SqlCommand = New SqlCommand
        objCommand.Connection = objConnection
        objCommand.CommandText = ("SELECT * FROM tblLogin WHERE Username = '" & txtUN.Text & "' And Password ='" & txtPW.Text & "'")
        dr = objCommand.ExecuteReader
        If dr.Read() = True Then
            Dim objConn As SqlConnection = New SqlConnection("Server=(localdb)\MSSQLLocalDB;database=CMdb;Integrated Security=True")
            Dim objCmd As SqlCommand = New SqlCommand
            objCmd.Connection = objConn
            objCmd.CommandText = ("UPDATE tblLogin WHERE Username = '" & txtNUN.Text & "' And Password ='" & txtNPW.Text & "'")

            Dim ans As String
            ans = MsgBox("New Security have been saved!", vbOKOnly + vbInformation)

            If ans = vbOKOnly Then
                Welcome.Show()
            End If

        Else
            Dim ans As String
            ans = MsgBox("Invalid current Username or Password", vbOKOnly + vbCritical)
            If ans = vbOKOnly Then
                Me.Show()
                txtUN.Focus()
            End If
        End If
    End Sub
Updated 14-Dec-16 21:09pm
Comments
Peter_in_2780 15-Dec-16 2:02am    
... and when you get it working, you will have an excellent example of how NOT to manage passwords.

1 solution

Frankly, if that's a typical example of your thesis code, changing passwords is the least of your problems.
Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. Stop what you are doing, and go back to the rest of your code and fix that first - your whole application is wide open to any user who wants to delete your database, just by typing in a text box...

Secondly, SqlConnection, SqlCommand, and related objects are scarce resources - you should be Disposing them when you are finished with them.

Thirdly, don't use MsgBox in VB .NET applications, it's a legacy hangover to VB6, and was superseded by the MessageBox class in .NET V1.0.

Fourthly, never hardcode connection strings - always use a settings file. This is especially important when you hardcode the string in many, many places as it's far too easy to get one wrong, or miss it completely when it needs changing.

Fifthly, look at your code!
VB.NET
    Dim ans As String
    ans = MsgBox("New Security have been saved!", vbOKOnly + vbInformation)

    If ans = vbOKOnly Then
        Welcome.Show()
    End If
Given that you only show an OK button, what other value do you expect the message box to be capable of returning?

Then, never store passwords in clear text - it is a major security risk. There is some information on how to do it here: "Password Storage: How to do it." - it's in C# but the code is pretty simple and obvious, and online converters exist to change it to VB: Code Converter
 
 
Comments
Peter_in_2780 15-Dec-16 19:04pm    
Your kindness and patience far exceeds mine...
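
The solution's points on parameterized queries, disposing of SqlClient objects and not storing clear-text passwords, combined in one password-change routine; this is an added example, not code from the original question or answer. It assumes tblLogin has been changed to hold PasswordHash (varbinary(32)) and Salt (varbinary(16)) columns, both NOT NULL, in place of the clear-text Password column, that Username is nvarchar(50), and that .NET Framework 4.7.2 or later is available for the Rfc2898DeriveBytes overload used. The module name, function names and iteration count are hypothetical.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

Public Module PasswordChange
    ' PBKDF2-HMAC-SHA256 with a per-user salt; the iteration count is an assumed setting.
    Private Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    ' Compare two hashes without stopping at the first differing byte.
    Private Function SameBytes(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' Returns True only when the current password verified and exactly one row was updated.
    Public Function ChangePassword(connStr As String, userName As String,
                                   currentPw As String, newPw As String) As Boolean
        Using conn As New SqlConnection(connStr)
            conn.Open()
            Dim oldHash As Byte() = Nothing, oldSalt As Byte() = Nothing
            ' User input travels only as parameter values, never as SQL text.
            Using cmd As New SqlCommand("SELECT PasswordHash, Salt FROM tblLogin WHERE Username = @u", conn)
                cmd.Parameters.Add("@u", SqlDbType.NVarChar, 50).Value = userName
                Using dr As SqlDataReader = cmd.ExecuteReader()
                    If Not dr.Read() Then Return False
                    oldHash = DirectCast(dr("PasswordHash"), Byte())
                    oldSalt = DirectCast(dr("Salt"), Byte())
                End Using
            End Using
            If Not SameBytes(HashPassword(currentPw, oldSalt), oldHash) Then Return False
            Dim newSalt(15) As Byte   ' 16 random bytes, fresh for every password change
            Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
                rng.GetBytes(newSalt)
            End Using
            Using cmd As New SqlCommand("UPDATE tblLogin SET PasswordHash = @h, Salt = @s WHERE Username = @u", conn)
                cmd.Parameters.Add("@h", SqlDbType.VarBinary, 32).Value = HashPassword(newPw, newSalt)
                cmd.Parameters.Add("@s", SqlDbType.VarBinary, 16).Value = newSalt
                cmd.Parameters.Add("@u", SqlDbType.NVarChar, 50).Value = userName
                Return cmd.ExecuteNonQuery() = 1
            End Using
        End Using
    End Function
End Module
```

The caller passes in the connection string read from the application's settings file and checks that the two new-password boxes match before calling ChangePassword.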

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


