Bug in the code of Action of Login button

Getting Started
1

Dear All,

I am working on the development of login screen. For user entered UserName and Password , I am checking if they exist in the database table called user_mstr. I have added the follwing code as Action event for Login button. But during run-time error with a bug symbol at the begining of the Bind-Type statement as shown in the code below. Can anyone help resolve this. If possible give me any simple code to validate the entered user-id and password against the table values. Thank you.

Sub Action()
Dim ps As PreparedSQLStatement = _
ssssterp.Prepare(“SELECT * FROM user_mstr WHERE Name = ? AND Password = ?”)

ps.BindType(0, MySQLPreparedStatement.MYSQL_TYPE_STRING) /******** Error line **************/
ps.BindType(1, MySQLPreparedStatement.MYSQL_TYPE_STRING)

ps.Bind(0, UserNameText.Text)
ps.Bind(1, PasswordText.Text)

Dim rs As RecordSet = ps.SQLSelect
If rs <> Nil Then
While Not rs.EOF
MsgBox("Name: " + rs.Field(“Name”).StringValue + " Password: " + rs.Field(“Password”).StringValue)
rs.MoveNext
Wend
Else
If ssssterp.Error Then MsgBox(ssssterp.ErrorMessage)
End If
End Sub

2

What Error exactly do you get?

What happens if you combine theBind & BindType like this?:

ps.Bind(0, UserNameText.Text, MySQLPreparedStatement.MYSQL_TYPE_STRING)
3

This line

Dim ps As PreparedSQLStatement

Needs to be

Dim ps As MySQLPreparedStatement
4

Hi Greg, I was going to post that but this code is in the MySQLPreparedStatement docs:

[code]Dim ps As PreparedSQLStatement = _
db.Prepare(“SELECT * FROM Persons WHERE Name = ? AND Age >= ?”)

ps.BindType(0, MySQLPreparedStatement.MYSQL_TYPE_STRING)
ps.BindType(1, MySQLPreparedStatement.MYSQL_TYPE_LONG)

ps.Bind(0, “john”)
ps.Bind(1, 20)[/code]

and I haven’t used MySQL so I don’t know if that info is wrong.

5

Hi Greg,
When I prefix with MySQL, I get the following error when I Click on ‘button’ ‘Check this item for any errors’

Login.LoginButton.Action, line 2
Can’t find a type with this name
Dim ps As MYSQLPreparedSQLStatement = _

6

[quote=408703:@Sriram Chivikula]Hi Greg,
When I prefix with MySQL, I get the following error when I Click on ‘button’ ‘Check this item for any errors’

Login.LoginButton.Action, line 2
Can’t find a type with this name
Dim ps As MYSQLPreparedSQLStatement = _[/quote]

Greg said you

Dim ps As MySQLPreparedStatement

Not
Dim ps As MYSQLPreparedSQLStatement

7

HI Sascha,

I am unable to add the error snap shot here. But error message is something like exception error NilObjectException.

8

Hi Greg,
Sorry, now I added correctly as you said, but I am getting the following error

Login.LoginButton.Action, line 2
Type mismatch error. Expected class MySQLPreparedStatement, but got interface PreparedSQLStatement
ssssterp.Prepare(“SELECT * FROM user_mstr WHERE Name = ? AND Password = ?”)

9

Please post your code again (with all changes) and using the CODE option from the forum:

[code]paste code here[/code]
10

Where and how is ssssterp defined and initialised?

11

It is MySQL db created in Toad and connected in xojo

12

Hi All,

Apologies for late reply. Thank you all for your help. I was 4 days away from work.

The query from Jeff ’ Where and how is ssssterp defined and initialsed’ help me to probe further the Database concepts documents in xojo. Then I understood since the database was added to the project, it has to cast the result from db.prepare. It is working fine now.

Here is my revised code…

Note:'This example uses a MySQL Database that was added to the project, so it has to cast the result from db.Prepare.

Dim ps As PreparedSQLStatement
here is the corrected statement below…

ps = MYSQLPreparedStatement(ssssterp.Prepare(“SELECT * FROM user_mstr WHERE Name = ? AND Password = ?”))

ps.BindType(0, MYSQLPreparedStatement.MYSQL_TYPE_STRING)
ps.Bind(0, UserNameText.Text)
ps.BindType(1, MySQLPreparedStatement.MYSQL_TYPE_STRING)
ps.Bind(1, PasswordText.Text)

Dim rs As RecordSet = ps.SQLSelect
If rs <> Nil Then
IF rs.Field(“Name”).StringValue = UserNameText.Text AND rs.Field(“Password”).StringValue = PasswordText.Text AND UserNameText.Text <> “” AND PasswordText.Text <> “” THEN
'While Not rs.EOF
'MsgBox("Name: " + rs.Field(“Name”).StringValue + " Password: " + rs.Field(“Password”).StringValue)
'rs.MoveNext
'Wend
Login.close
Menu.show

Else
Msgbox(“Invalid UserId or Password…Please Retry”)
UserNameText.SetFocus()
rs.close
END IF
Else
If ssssterp.Error Then MsgBox(ssssterp.ErrorMessage)
rs.close
End If

13

Please tell me you aren’t storing your passwords in plain-text…

14

Extend this to “Please don’t tell me you are storing Passwords” :wink:

15

Fair, it should be properly generated hashes…