0

this form for update user password there is error

ERROR MESSAGE --- No value given for one or more required parameters ERROR MESSAGE IMAGE

My code

CONNECTION CODE

Imports System.Data.OleDb Module Module1

Public Function GetConnection() As OleDb.OleDbConnection
    Return New OleDb.OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & Application.StartupPath & "\mydata.accdb")
End Function


UPDATE BUTTON CODE


    Try
        con = GetConnection()
        con.Open()
        Dim str As String
        str = "update [usercontrol] set [Password] = '" & TextBox1.Text & "' Where [Username] =" & TextBox3.Text
        Dim cmd As OleDbCommand = New OleDbCommand(str, con)
        cmd.ExecuteNonQuery()
        cmd.Dispose()
        con.Close()
        MsgBox("New password has been successfully updated", MsgBoxStyle.Information)
        clear()

    Catch ex As Exception
        MsgBox(ex.Message)
        If con.State = ConnectionState.Open Then
            con.Close()
        End If
    End Try
BigBen
  • 46,229
  • 7
  • 24
  • 40
Mohamoud Abdirahman
  • 3
  • 3
  • 2
    Use [Command Parameters](https://learn.microsoft.com/en-us/dotnet/api/system.data.oledb.oledbcommand.parameters) (and never go back to string concatenation anymore), problem solved. – Jimi Dec 11 '20 at 20:55
  • Look at how you have written the password value. Then look at how you have written the username value. See any difference? Said that, this is the wrong way to create sql commands. Search how to write [parameterized queries](https://stackoverflow.com/questions/542510/how-do-i-create-a-parameterized-sql-query-why-should-i). – Steve Dec 11 '20 at 20:56

1 Answers1

0

Since connections should be local to the method where they are used your GetConnection function really isn't useful. A class (module level) string variable to hold the connection string is all you need.

Using...End Using blocks take care of disposing objects that have a .Dispose method even if there is an error. It will also close the connection. In this code both the command and the connection are included in the Using block. Note the comma at the end of the first line of the Using.

This demonstrates how to used parameters. I had to guess at the datatype and size of the fields. Check you database and correct the code. Access doesn't care about the names of the parameters. We use the names to make the code easy to read. For Access, the order that the parameters appear in the command text must match the order they are added to the parameters collection.

Private ConStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & Application.StartupPath & "\mydata.accdb"
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    'Validate input
    If TextBox1.Text = "" OrElse TextBox3.Text = "" Then
        MessageBox.Show("Please fill in both user name and password")
        Exit Sub
    End If

    Try
        Using con As New OleDbConnection(ConStr),
                cmd As New OleDbCommand("Update [usercontrol] Set [Password] = @password Where [Username] = @username;", con)
            cmd.Parameters.Add("@password", OleDbType.VarChar, 100).Value = TextBox1.Text
            cmd.Parameters.Add("@username", OleDbType.VarChar, 100).Value = TextBox3.Text
            con.Open()
            cmd.ExecuteNonQuery()
        End Using
        MsgBox("New password has been successfully updated", MsgBoxStyle.Information)
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try
End Sub

I am sorry to say that the worst part of the code it not addressed in this answer. The worst part is storing Passwords as plain text. Do Not! Look into encryption. BCrypt is popular.

Mary
  • 14,926
  • 3
  • 18
  • 27