facing problem while executing vb.net query

Question

Dim con As SqlConnection
        con = New SqlConnection(\"server=chinna; uid=sa; pwd=136018@h; database=icms\")
        con.Open()
        Dim cmd As SqlCommand
            


        

Answer 1

You are missing the DataSource assignment.

Add GridView1.DataSource = rdr before you call DataBind.

Your If block should look like:

If rdr.Read() Then  
 GridView1.Visible = True             
 GridView1.DataSource = rdr
 GridView1.DataBind()           
End If 

Answer 2

Should be

cmd = New SqlCommand("select pass from personal where idno='" & TextBox1.Text & "'", con)

beyond that code seems for ASP.net. We can not execute MsgBox in VB.net that can appear on client browser.

Answer 3

What is your error or are you just getting a null for rdr?

I don't see an outpout paramenter. You need one. You only have an input parameter.

Answer 4

use HasRows on rdr and set DataSourcefor GridView1

    Dim rdr As SqlDataReader
    rdr = cmd.ExecuteReader()
    If rdr.HasRows Then
        GridView1.Visible = True
        GridView1.DataSource = rdr
        GridView1.DataBind()
    End If

Answer 5

Use ExecuteScalar instead of ExecuteReader.

Dim password As String
password = cmd.ExecuteScalar.ToString()

FYI, storing passwords in plain text and comparing like this is VERY bad practice. You should be encrypting the passwords with some one-way salted encryption and then doing the same on verification then comparing the encrypted values.

Answer 6

You need to use parameters in your query:

cmd = New SqlCommand("select pass from personal where idno=@param", con)
cmd.Parameters.AddWithValue("param", TextBox1.Text);