Bruno Smith

Reputation: 35

MySQL commands in vb code are not working

I've been trying to create a login page that will check if you're an administrator or a customer in my SQL data source. I am not sure why it can't understand the MySQLCommands. I added MySql.Data in the references but this doesn't seem to work.

This is where, for example, MySqlConnection and MySqlCommand have blue underlining.

        Dim cmd As MySqlCommand = New MySqlCommand '(strSQL, con)

Upvotes: 0

Views: 126

Answers (2)

Bruno Smith

Reputation: 35

@GSerg asked me if I could right-click and resolve. I tried that, but that was not an option. After messing around with the error, it appears that I had to write at the top:

    Imports MySql.Data.MySqlClient

I also had to add backticks when I used the word password for MySQL as @Steve reminded me.

Thank you for your help!

Upvotes: 0

Steve

Reputation: 216361

Password is a reserved word in MySQL. If you want to use a field with that name, then every time you use it in your code you should remember to put it between backticks:

 `password` = ...

That said, your code has serious problems. You should never concatenate strings coming from user input to form SQL text. This leads to syntax errors caused by parsing problems and to SQL injection attacks. You should use a parameterized query like this:

   ' Placeholders keep user input out of the SQL text
   strSQL = "SELECT name FROM employer WHERE (login=@login AND `password`=@pwd)"
   Dim cmd As MySqlCommand = New MySqlCommand(strSQL, con)
   cmd.Parameters.Add("@login", MySqlDbType.VarChar).Value = strUser
   cmd.Parameters.Add("@pwd", MySqlDbType.VarChar).Value = strPaswoord
   con.Open()
   ' ExecuteScalar returns Nothing when no row matches
   If cmd.ExecuteScalar() Is Nothing Then
      ....

Finally, you should also change the way you get your data because you want to minimize the trips to access the database for performance reasons. You should SELECT both the Name and the EMail with a single query and use a MySqlDataReader to get the data.

Other problems present in your code are the lack of an appropriate Using statement around the connection and the security problem caused by a possible clear-text password stored in the database.

Upvotes: 1
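The points raised in the answer above (parameterized query, one round trip with a MySqlDataReader, Using blocks, no clear-text password), combined in one added example that is not code from the question or from either answer. Assumptions: the `email` column name, the `connStr` parameter, the `LoginExample`, `VerifyPassword` and `TryLogin` names, and a `password` column holding `iterations:saltBase64:hashBase64` produced with PBKDF2-SHA256. Because the stored value is a salted hash, it is verified in code instead of being compared in the WHERE clause.

```vb
Imports System.Security.Cryptography
Imports MySql.Data.MySqlClient

Module LoginExample
    ' Assumed storage format for the `password` column: "iterations:saltBase64:hashBase64"
    Function VerifyPassword(candidate As String, stored As String) As Boolean
        Dim parts = stored.Split(":"c)
        Dim iterations As Integer
        If parts.Length <> 3 OrElse Not Integer.TryParse(parts(0), iterations) Then Return False
        Try
            Dim salt = Convert.FromBase64String(parts(1))
            Dim expected = Convert.FromBase64String(parts(2))
            If expected.Length = 0 Then Return False ' an empty hash must never match
            Using kdf As New Rfc2898DeriveBytes(candidate, salt, iterations, HashAlgorithmName.SHA256)
                Dim actual = kdf.GetBytes(expected.Length)
                Dim diff As Integer = 0
                For i = 0 To expected.Length - 1 ' compare every byte, no early exit
                    diff = diff Or (actual(i) Xor expected(i))
                Next
                Return diff = 0
            End Using
        Catch ex As Exception When TypeOf ex Is FormatException OrElse TypeOf ex Is ArgumentException
            Return False ' malformed stored value (bad Base64, short salt, bad iteration count)
        End Try
    End Function

    ' Returns True and fills name/email when the login is valid; one query, one round trip.
    Function TryLogin(connStr As String, strUser As String, strPaswoord As String,
                      ByRef name As String, ByRef email As String) As Boolean
        Const strSQL As String =
            "SELECT name, email, `password` FROM employer WHERE login=@login"
        ' Using disposes the connection, command and reader even when an exception is thrown
        Using con As New MySqlConnection(connStr), cmd As New MySqlCommand(strSQL, con)
            cmd.Parameters.Add("@login", MySqlDbType.VarChar).Value = strUser
            con.Open()
            Using reader As MySqlDataReader = cmd.ExecuteReader()
                If Not reader.Read() Then Return False ' unknown login
                If Not VerifyPassword(strPaswoord, reader.GetString("password")) Then Return False
                name = reader.GetString("name")
                email = reader.GetString("email")
                Return True
            End Using
        End Using
    End Function
End Module
```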
