Embedded SQL without SQL Injection
Do this and you can be legally shot:
```vb
' User input spliced straight into the SQL text
myCmd.CommandText = "Select * from Users where " & _
    "Username = '" & txtUserName.Text & "'" & _
    " and Password = '" & txtPassword.Text & "'"
```
So do this instead, at the **absolute** minimum:
```vb
Imports System.Data
Imports System.Data.SqlClient

Dim myCmd As New SqlCommand()
With myCmd
    .CommandText = "Select * from Users where " & _
        "Username = @Name and Password = @Pass"
    ' Typed parameters: the input travels as data, never as part of the SQL text
    .Parameters.Add("@Name", SqlDbType.NVarChar, 50).Value = txtUserName.Text
    .Parameters.Add("@Pass", SqlDbType.NVarChar, 50).Value = txtPassword.Text
End With
```
(You should still be smacked around for not encapsulating your functionality, not using tiers, and not using a sproc, but you will not be shot)
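To make the difference between the two snippets concrete, here is an added example (not from the original post) that runs both shapes of the Users query against an in-memory SQLite database in Python; the table, the rows and the `login_*` function names are constructed for this demonstration, and the `Password` column is kept only to mirror the post's query. A perfectly legitimate username containing an apostrophe is enough to break the concatenated query, while the parameterized one handles it as plain data.

```python
import sqlite3

# Constructed sample data: a Users table shaped like the one in the post.
USERS = [("alice", "s3cret"), ("O'Brien", "hunter2")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", USERS)
    return conn


def login_concat(conn, username, password):
    """The 'you can be legally shot' version: input spliced into the SQL text."""
    sql = ("SELECT * FROM Users WHERE Username = '" + username +
           "' AND Password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_param(conn, username, password):
    """The parameterized version: placeholders in the text, values sent separately."""
    sql = "SELECT * FROM Users WHERE Username = ? AND Password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def compare(username, password):
    """Run both variants on the same input.

    Returns (concat_result, param_result); if the concatenated query fails to
    parse, concat_result is a short error tag instead of a row list.
    """
    conn = make_db()
    try:
        concat = login_concat(conn, username, password)
    except sqlite3.Error as e:
        # An apostrophe in the input terminates the string literal early,
        # so the database sees broken SQL rather than a username.
        concat = f"error: {type(e).__name__}"
    param = login_param(conn, username, password)
    return concat, param


if __name__ == "__main__":
    print(compare("alice", "s3cret"))
    print(compare("O'Brien", "hunter2"))
```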