how to ask or check if a query brings a specific data

Question

how to ask or check if a query brings a specific data

Navigation

#1 by (2 votes)

0

I have this simple code to enter a system I would like to know if through this same code there is any way of asking if the type of user that I select is administrator, etc. to perform certain actions?

this is the code:

Private Sub btningresar_Click(sender As Object, e As EventArgs) Handles btningresar.Click
    Dim conn As New SqlClient.SqlConnection("Data Source=SAMUELSUSANA; Initial catalog=poovb;integrated security=true")
    Dim dr As SqlDataReader
    'Dim da As SqlDataAdapter
    Dim ds As New DataSet
    'Dim dt As DataTable

    Try
        conn.Open()
        Dim cmd As New SqlCommand("Select * from Usuario where Usuario='" & Me.txtusuario.Text & "'and Clave='" & Me.txtcontraseña.Text & "'and Tipo= '" & Me.cbtipo.Text & "'", conn)
        dr = cmd.ExecuteReader
        If (dr.HasRows = True) Then
            MessageBox.Show("Bienvenido al Sistema Señor/a..." + txtusuario.Text)
            Me.Hide()
            MenuPrincipal.Show()

        ElseIf (dr.HasRows = False) Then
            MessageBox.Show("Usuario y/o Contraseña Erronea, Por favor intente de nuevo.")
            txtusuario.Clear()
            txtcontraseña.Clear()
            cbtipo.Text = ""
            txtusuario.Focus()
            conteo = conteo + 1
            If (conteo = 3) Then
                MessageBox.Show("Ha alcanzado el limite de intentos, Vuelva a intentarlo mas tarde con datos correctos.")
                Application.Exit()

            End If


        End If
    Catch Exoledb As Exception
    Finally
        conn.Close()
    End Try

sql vb.net

asked by Samuel Ignacio Susana Confesor 04.08.2017 в 18:09

source

1 answer

SQL error: ORA-00904: invalid identifier Is it safe to save an Array in localStorage?

score 2 · Accepted Answer

If your Users table contains the level of serious access in the following way:

If (dr.HasRows = True) Then
        //Leemos el tipo de acceso
            Dim accesso AS [TIPODEDATODELACCESO] = Conver.To[TIPODEDATO](dr[NOMBRECAMPODETABLA])
            MessageBox.Show("Bienvenido al Sistema Señor/a..." + txtusuario.Text)
            Me.Hide()
            MenuPrincipal.Show()

where [TIPODEDATODELACCESO] is as defined in your table of the BD the field whether int, decimal, etc. and the convert would be according to the type of data you need to convert the object.

NOMBRECAMPODETABLA would be the field of the table of the BD that contains the level of access

For example: Assuming that our table contains the permission field type int that defines the level of access would be:

Dim acceso as int = Convert.ToInt32(dr["permiso"])

Note: Your query is prone to sql injection, consider changing it to a parameterized query