0

I am having an issue with my login page. I am not getting any errors so am not able to know where the problem is?

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login.Click
    'connection string

    Dim mysqlconn As MySqlConnection = New MySqlConnection("server=localhost;user id=root;Password=123;database=users;persist security info=False")

    Dim cmd As New MySqlCommand
    Dim da As New MySqlDataAdapter
    Dim mydata As New DataTable
    Dim reader As MySqlDataReader

    Try
        mysqlconn.Open()
        Dim query As String
        query = "SELECT * FROM login_form where Username = '" & rfvUser.Text & "' and Password='" & rfvPWD.Text & "'"
        cmd = New MySqlCommand(query, mysqlconn)
        reader = cmd.ExecuteReader
        While reader.Read()
            If rfvUser.Text = "admin" And rfvPWD.Text = "admin" Then
                Me.Session("User") = Me.rfvUser.Text
                Server.Transfer("Admin.aspx")

            ElseIf (rfvUser.Text = reader("UserName").ToString()) And (rfvPWD.Text = reader("Password").ToString()) Then
                Me.Session("User") = Me.rfvUser.Text
                Server.Transfer("Ersal_send.aspx")

            Else

                ClientScript.RegisterStartupScript(Page.[GetType](), "validation", "<script language='javascript'>alert('Invalid Username or Password')</script>")

                reader.Close()
            End If

        End While

    Catch ex As Exception
        MsgBox(ex.Message)
    Finally
        mysqlconn.Dispose()

    End Try

End Sub

End Class
Vivek Jain
  • 3,811
  • 6
  • 30
  • 47
mulikevs
  • 181
  • 2
  • 17
  • Have you tried debugging it? – Izzy Sep 09 '14 at 09:17
  • Have you debugged it ? – Mairaj Ahmad Sep 09 '14 at 09:20
  • Please show some effort taken by you, do not just paste your problem here and wait for some who will solve it for you, Detail information will also help to understand problem. – Jageen Sep 09 '14 at 09:26
  • `I am not getting any errors so am not able to know where the problem is.` Not true. If you know there's a problem, step through the code using breakpoints until a particular line of code behaves unexpectedly. –  Sep 09 '14 at 09:33
  • I guess your query is not returning any records. – Mairaj Ahmad Sep 09 '14 at 09:38
  • Your code might be vulnerable. Read about SQL injection.http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work – Pleun Sep 09 '14 at 09:40

1 Answers1

1

Have you tried running the query directly via a SQL client? If your query is not returning any rows, then your procedure will simply exit without any errors as it will never enter the While loop.

Another advice: It is never a good idea to pass user input directly into a query. This leads to SQL injection. Use parameterised queries. Google for it.

navigator
  • 1,678
  • 16
  • 29