
I have a problem with a register form: I am trying to make it send data to the database (add a new record) using the data provided, but it's not working. Thank you very much.

Here is the UI: [image: UI]

Here's my code:

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    Dim nama, uname, password, email, jk As String
    Dim idusr As Integer

    nama = TextBox1.Text
    uname = TextBox2.Text
    password = TextBox3.Text
    email = TextBox5.Text
    jk = ComboBox1.SelectedValue

    Randomize()
    ' The program will generate a number from 0 to 50
    idusr = Int(Rnd() * 50) + 1

    If TextBox1.Text = "" Or TextBox2.Text = "" Or TextBox3.Text = "" Or TextBox4.Text = "" Or TextBox5.Text = "" Then
        MsgBox("Please Fill All The Box First !!!")
    ElseIf TextBox3.Text <> TextBox4.Text Or TextBox3.TextLength <= 8 Then
        MsgBox("Password do not match or missing !!!")
    Else
        Dim dbsource As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Michael\Tugas Materi Kuliah\VB\TA\DBUtama.accdb"
        Dim conn = New OleDbConnection(dbsource)
        Dim str = "Insert into [User]([IDUSR],[Nama],[Uname],[Pass],[Jenis Kelamin],[Email]) Values ('" & idusr & "','" & nama & "','" & uname & "','" & password & "','" & jk & "','" & email & "') ;"
        Dim cmd As OleDbCommand = New OleDbCommand(str, conn)
        Try
            cmd.ExecuteNonQuery()
            cmd.Dispose()
        Catch ex As Exception
            MsgBox("Something broke, i know its you !!")
        End Try
    End If
End Sub

And the database: [image: My database with User as table name]

Erik A
Michael
  • Did you bother to look at the exception? – jmcilhinney May 13 '18 at 10:55
  • Also you might want to protect your data by looking into using parameters. Look at this: https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work –  May 13 '18 at 11:14
  • Using exceptions to write useless messages is ... useless. Instead show us what is the value of the ex.Message field or add the whole exception with ToString() – Steve May 13 '18 at 11:15
  • Ahh, you mean catch the error message? I forgot about that part, my bad, sorry, I'm still new to this language. But thank you for reminding me. – Michael May 13 '18 at 12:54
  • Umm. `IDUSR` is obviously an Autonumber column, so you shouldn't even be supplying this field. And using a random number for ID is silly. What if an already existing number is picked? – Andre May 13 '18 at 13:01
  • Passwords should not be saved as plain text - hash them and salt them. In other words, almost everything in that code should be redone. – Ňɏssa Pøngjǣrdenlarp May 13 '18 at 15:06
  • @Andre huh? I never thought it was possible, and sorry, I didn't think that far about the same number getting picked up. – Michael May 14 '18 at 02:44

1 Answer

idusr is numeric, thus no quotes:

Dim str = "Insert into [User]([IDUSR],[Nama],[Uname],[Pass],[Jenis Kelamin],[Email]) Values (" & idusr & ",'" & nama & "','" & uname & "','" & password & "','" & jk & "','" & email & "') ;"

And do leave out all those exclamation marks. Users are not idiots.

Also, get someone to proofread the prompts and captions.

Gustav
  • Ahh, I see, those quotes cost me, what, 2 hours of thinking. Thank you man, it works. Ohh sorry XD, at that moment I was so frustrated that I didn't bother to think about anything, so I just put everything I wanted. And I will make sure to delete that caption since it makes my code longer than it already is. Thank you once again. – Michael May 13 '18 at 12:57
  • You are still going to receive a lot of surprises with your code. What if someone types a name, uname or password containing a single quote? Try it and then start looking on how to write parameterized queries – Steve May 13 '18 at 13:05
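
The comments above recommend parameters, a hashed and salted password, and letting the Autonumber column assign `IDUSR`; the following is an added example, not code from the question or the answer, that combines the three. `RegisterExample`, `HashPassword` and `AddUser` are hypothetical names, the iteration count is an example value, and it assumes `IDUSR` is an Autonumber column and `[Pass]` is a text column wide enough for the encoded hash.

```vbnet
Imports System.Data.OleDb
Imports System.Security.Cryptography

Module RegisterExample
    ' PBKDF2-SHA256 with a fresh random 16-byte salt per password.
    ' Result is stored as "iterations:salt:hash" (Base64), never the password itself.
    Function HashPassword(password As String) As String
        Const iterations As Integer = 100000 ' example value, tune for your hardware
        Using kdf As New Rfc2898DeriveBytes(password, 16, iterations, HashAlgorithmName.SHA256)
            Return iterations.ToString() & ":" &
                   Convert.ToBase64String(kdf.Salt) & ":" &
                   Convert.ToBase64String(kdf.GetBytes(32))
        End Using
    End Function

    ' Returns the number of rows inserted (1 on success); exceptions go to the caller.
    Function AddUser(connStr As String, nama As String, uname As String,
                     password As String, jk As String, email As String) As Integer
        ' IDUSR is omitted: assumes it is an Autonumber column that Access fills in.
        Const sql As String =
            "INSERT INTO [User] ([Nama],[Uname],[Pass],[Jenis Kelamin],[Email]) " &
            "VALUES (?,?,?,?,?)"
        Using conn As New OleDbConnection(connStr)
            Using cmd As New OleDbCommand(sql, conn)
                ' OleDb binds by position: add values in the same order as the ? marks.
                ' Values travel as data, so a quote in a name cannot change the SQL.
                cmd.Parameters.Add("@nama", OleDbType.VarWChar).Value = nama
                cmd.Parameters.Add("@uname", OleDbType.VarWChar).Value = uname
                cmd.Parameters.Add("@pass", OleDbType.VarWChar).Value = HashPassword(password)
                cmd.Parameters.Add("@jk", OleDbType.VarWChar).Value = jk
                cmd.Parameters.Add("@email", OleDbType.VarWChar).Value = email
                conn.Open() ' the connection must be open before ExecuteNonQuery
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    ' In the button handler, report the real error instead of a fixed message:
    '   Try
    '       AddUser(dbsource, nama, uname, password, jk, email)
    '   Catch ex As OleDbException
    '       MsgBox(ex.Message)
    '   End Try
End Module
```

To check a login later, split the stored value, re-run PBKDF2 with the stored salt and iteration count, and compare the derived bytes with the stored hash.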