Validating user input against MS Access Database {Syntax error in FROM clause}

[helio_matcha]

Hello I am new here and I am having trouble with validating user input against a Microsoft Access Database.

I am developing an application in which a user enters a user name and password.

What I need to do is somehow validate the input against my access database.

Here is the code that I have so far:

'provides classes that are required to connect to OLE DB data sources
Imports System.Data.OleDb
Public Class Login

    Inherits System.Windows.Forms.Form
    'It is used to read a row of data from the database. 
    'The data is read as forward-only, read-only stream which means that data is read sequentially, one row after another.
    Dim dr As OleDbDataReader
    'The System.Data.OleDb.OleDbConnection class represents a connection to OleDb data source
    Dim cn As OleDbConnection
    'The System.Data.OleDb.OleDbCommand class represents a SQL statement or stored procedure 
    'that is executed in a database by an OLE DB provider. 
    Dim cmd As OleDbCommand
    'Dim icount As Integer
    'Dim str As String
    Dim id As Integer
    Dim pass As String
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        id = txtID.Text
        pass = txtpass.Text

        Try
            cn = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=D:\2007_Final Sem\BSD\test.mdb;")
            cn.Open()
            cmd = New OleDbCommand("select * from userpass UserID = '" & id & "' AND Password = '" & pass & "'", cn)

            dr = cmd.ExecuteReader
            If dr.Read() Then
                MessageBox.Show("Accepted")
            Else
                MessageBox.Show("Denied")
            End If

        Catch this As NullReferenceException
            this.GetBaseException()
            MessageBox.Show("Exception thrown")
        End Try
        cn.Close()

    End Sub
End Class

But when i run it against an id and password in my database diz the error i get

OleDbException was unhandled {"Syntax error in FROM clause."}

And the error points to the statement dr = cmd.ExecuteReader, can somebody help me?

 

[mentalhard]

you have missed the WHERE clause:

cmd = New OleDbCommand("select * from userpass UserID = '" & id & "' AND Password = '" & pass & "'", cn)

should be:

cmd = New OleDbCommand("select * from userpass [b]WHERE[/b] UserID = '" & id & "' AND Password = '" & pass & "'", cn)

Ciao

 

[helio_matcha]

opps!!!

thnx a lot...yep diz kinda things happen in programmin' 4 sure

thnx 4 d heads up

 

[cjard]

please read the PQ link in my signature