I am making an application in Visual Basic 2010 using VB.NET and am wondering if it is safe to allow the user to create and edit their info in a database so I don't have to do it for every individual myself.
Database structure (columns): id, member, Username, Password, Email
This is just to list all Users Signed Up:
    MySQLCon = New MySqlConnection
    'Replaced info below for security purposes.
    MySQLCon.ConnectionString = "Database=localhost;Data Source=sql3.freesqldatabase.com;User Id=user;Password=password"
    Dim SDA As New MySqlDataAdapter
    Dim dbDataSet As New DataTable
    Dim bSource As New BindingSource
    Dim command As MySqlCommand
    Try
        MySQLCon.Open()
        Dim Query As String
        Query = "SELECT member FROM members"
        command = New MySqlCommand(Query, MySQLCon)
        SDA.SelectCommand = command
        SDA.Fill(dbDataSet)
        bSource.DataSource = dbDataSet
        vagueMembers.DataSource = bSource
        SDA.Update(dbDataSet)
        MySQLCon.Close()
        MySQLCon.Dispose()
    Catch ex As MySqlException
        'Nothing
    End Try
This is what I use to insert a new member right from the application.
    Dim SQLStatement As String = "INSERT INTO members(member) VALUES('" & memberToAdd.Text & "')"
    submitRequest(SQLStatement)
I ask again, is it safe to allow a new client to use the 2nd code block to create info?
P.S. This is a WinForms application.
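Added example, not part of the original post: the second block concatenates `memberToAdd.Text` into the SQL text, so whatever is typed into that box becomes part of the statement itself. A parameterized version of the same insert using MySQL Connector/NET follows; `AddMember`, `ConnStr` and the 50-character limit are assumptions made for illustration.

```vbnet
Imports System.Diagnostics
Imports MySql.Data.MySqlClient

Module MemberStore
    ' Placeholder connection string (assumption); load the real one from configuration.
    Private Const ConnStr As String = "Data Source=HOST;Database=DBNAME;User Id=USER;Password=PASSWORD"
    ' Assumed width of the member column; adjust to the real schema.
    Private Const MaxMemberLength As Integer = 50

    ' Hypothetical helper. Returns True when exactly one row was inserted.
    Public Function AddMember(ByVal memberName As String) As Boolean
        ' Reject missing, empty or over-long input before touching the database.
        If memberName Is Nothing Then Return False
        memberName = memberName.Trim()
        If memberName.Length = 0 OrElse memberName.Length > MaxMemberLength Then Return False

        ' @member is a placeholder. The value is bound through the parameter,
        ' so quote characters in it cannot terminate the string literal.
        Const Sql As String = "INSERT INTO members(member) VALUES(@member)"
        Try
            ' Using disposes the connection and command even if an exception is thrown.
            Using con As New MySqlConnection(ConnStr)
                Using cmd As New MySqlCommand(Sql, con)
                    cmd.Parameters.Add("@member", MySqlDbType.VarChar, MaxMemberLength).Value = memberName
                    con.Open()
                    Return cmd.ExecuteNonQuery() = 1
                End Using
            End Using
        Catch ex As MySqlException
            ' Record the failure instead of swallowing it silently.
            Debug.WriteLine("Insert failed: " & ex.Message)
            Return False
        End Try
    End Function
End Module
```

From the form, the call would be `AddMember(memberToAdd.Text)`; a name such as `O'Brien` is stored as typed instead of breaking the statement.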