ASP.NET

Coding Critique is the place to post source code for peer review by other members of DevNetwork. Any kind of code can be posted. Code posted does not have to be limited to PHP. All members are invited to contribute constructive criticism with the goal of improving the code. Posted code should include some background information about it and what areas you specifically would like help with.

Popular code excerpts may be moved to "Code Snippets" by the moderators.

Moderator: General Moderators

Post Reply
barrowvian
Forum Commoner
Posts: 47
Joined: Tue Aug 19, 2008 3:49 pm

ASP.NET

Post by barrowvian »

Code: Select all

 
' Insert page code here
'
    Function updateUserPass(ByVal username As String, ByVal password As String) As Integer
        Dim connectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=C:\Documents an"& _
"d Settings\me\Desktop\database assignment 2\Project\members.mdb"
        Dim dbConnection As System.Data.IDbConnection = New System.Data.OleDb.OleDbConnection(connectionString)
 
        Dim queryString As String = "UPDATE [members] SET [password]=@password WHERE ([members].[username] = @username"& _
")"
        Dim dbCommand As System.Data.IDbCommand = New System.Data.OleDb.OleDbCommand
        dbCommand.CommandText = queryString
        dbCommand.Connection = dbConnection
 
        Dim dbParam_username As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
        dbParam_username.ParameterName = "@username"
        dbParam_username.Value = username
        dbParam_username.DbType = System.Data.DbType.String
        dbCommand.Parameters.Add(dbParam_username)
        Dim dbParam_password As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
        dbParam_password.ParameterName = "@password"
        dbParam_password.Value = password
        dbParam_password.DbType = System.Data.DbType.String
        dbCommand.Parameters.Add(dbParam_password)
 
        Dim rowsAffected As Integer = 0
        dbConnection.Open
        Try
            rowsAffected = dbCommand.ExecuteNonQuery
        Finally
            dbConnection.Close
        End Try
 
        Return rowsAffected
    End Function
 
Sub btnUpdate_Click(sender As Object, e As EventArgs)
lblUsernameError.Text = ""
lblPasswordLengthError.Text = ""
lblNewPasswordError.Text = ""
 
Dim hashMethod as string
    hashMethod = "MD5"
    Dim encryptPassword as string
    encryptPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(txtNewPassword.Text, hashMethod)
 
If txtNewPassword.Text.Length < 7 then
      lblPasswordLengthError.Text = "* Your password is not secure, please ensure it is 7 characters or more"
Else if txtNewPassword.Text <> txtVerifyNewPassword.Text Then
      lblNewPasswordError.Text = "* Verify password must match password"
Else if updateUserPass(txtUsername.Text, encryptPassword) = 0 Then
      lblUsernameError.Text = "* Your username does not appear to exist"
Else
      updateUserPass(txtUsername.Text, encryptPassword)
End
End Sub
 
I have constructed the above code using Web Matrix to perform a simple update function. However, for some reason I get the error message that the username doesnt exsist eventhough it does. Can anyone see where Im going wrong with it?
 
User avatar
omniuni
Forum Regular
Posts: 738
Joined: Tue Jul 15, 2008 10:50 pm
Location: Carolina, USA

Re: ASP.NET

Post by omniuni »

I think it displays that error if it does not UPDATE the user name. If you are not actually updating, and just checking, then it will still display that error, even if it exists.

This said, keep in mind that by and far it's PHP that is seen on this forum, so this is little more than a context-clue based guess. ASP has always made my head spin, personally. Also, your code generator is putting some weird line breaks in your code. (&_)

I think this looks like VBScript, isn't ADO usually used for database work?
crazycoders
Forum Contributor
Posts: 260
Joined: Tue Oct 28, 2008 7:48 am
Location: Montreal, Qc, Canada

Re: ASP.NET

Post by crazycoders »

It is using ado.net.... one thing i might suggest to simply code is to use this:

dbCommand.parameters.add("paramname", type, length).value = "value"

It would save you several lines of code

Next, for your problem, i don't know, it does look like everything is ok. My guess is that there is nothing in txtUsername.text. If possible, use sql server profiler to look at queries coming in the db. It will be the easiest way to detect your error.

Cheers
Post Reply