-
Notifications
You must be signed in to change notification settings - Fork 4
/
encode.frm
112 lines (91 loc) · 3.01 KB
/
encode.frm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
Imports System.Data.SqlClient
Private Sub cmdSafe_Click()
Dim user_name As String
Dim password As String
Dim query As String
Dim rs As DAO.Recordset
' Get the user name and password.
user_name = Replace$(txtUserName.Text, "'", "''")
password = Replace$(txtPassword.Text, "'", "''")
' Compose the query.
query = "SELECT COUNT (*) FROM Passwords " & _
"WHERE UserName='" & user_name & "'" & _
" AND Password='" & password & "'"
txtQuery.Text = query
' Execute the query.
On Error Resume Next
Set rs = m_DB.OpenRecordset(query, dbOpenSnapshot)
If Err.Number <> 0 Then
lblValid.Caption = "Invalid Query"
ElseIf (CInt(rs.Fields(0)) > 0) Then
lblValid.Caption = "Valid"
Else
lblValid.Caption = "Invalid"
End If
rs.Close
End Sub
Private Sub cmdUnsafe_Click()
Dim user_name As String
Dim password As String
Dim query As String
Dim rs As DAO.Recordset
' Get the user name and password.
user_name = txtUserName.Text
password = txtPassword.Text
' Compose the query.
query = "SELECT COUNT (*) FROM Passwords " & _
"WHERE UserName='" & user_name & "'" & _
" AND Password='" & password & "'"
txtQuery.Text = query
' Execute the query.
On Error Resume Next
Set rs = m_DB.OpenRecordset(query, dbOpenSnapshot)
If Err.Number <> 0 Then
lblValid.Caption = "Invalid Query"
ElseIf (CInt(rs.Fields(0)) > 0) Then
lblValid.Caption = "Valid"
Else
lblValid.Caption = "Invalid"
End If
rs.Close
End Sub
p = txtP.Text
Dim conn As New ADODB.Connection
conn.Open "connection string"
Dim cmd As New ADODB.Command
With cmd
.ActiveConnection = conConnection
.CommandText = "SELECT fields FROM table WHERE condition = ?"
.CommandType = adCmdText
End With
Dim param As New ADODB.Parameter
Set param = cmd.CreateParameter("condition", adVarChar, adParamInput, 5, "value")
cmd.Parameters.Append p
Dim rs As New ADODB.Recordset
rs.CursorLocation = adUseClient
rs.Open cmd, , adOpenStatic, adLockOptimistic
Dim temp
Do While Not rs.EOF
temp = rs("field")
rs.MoveNext
Loop
rs.Close
conn.Close
Public Class Form1
Private Sub Button1_Click(ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles Button1.Click
Dim con As SqlConnection = New SqlConnection( _
"Data Source=.;Integrated Security=True;AttachDbFilename=D:\myDB.mdf")
con.Open()
Dim cmdText As String = _
"INSERT INTO Customer(UserName, [Password]) VALUES (@UserName,@Password)"
Dim cmd As SqlCommand = New SqlCommand(cmdText, con)
With cmd.Parameters
.Add(New SqlParameter("@UserName", txtUserName.Text))
.Add(New SqlParameter("@Password", txtPassword.Text))
End With
cmd.ExecuteNonQuery()
con.Close()
con = Nothing
End Sub
End Class