0

Protected Sub btnAddSubmit_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnAddSubmit.Click
    Dim add As String

    add = "INSERT INTO account(firstname, lastname, uname, pass, type)" & " VALUES ('" & fname.Text & "','" & lname & "','" & username & "','" & password & "','" & type & "')"

An error pops up at this part "INSERT INTO account(firstname, lastname, uname, pass, type)" & " VALUES ('" & fname.Text & "

The Error: Operator '&' is not defined for types 'String' and 'System.Web.UI.HtmlControls.HtmlInputText'.

The program that I have to create should have the ability to add an account. Can someone help me? :(

EDIT: I have managed to get it working; however, instead of recording the input in the textbox, it shows System.Web.UI.HtmlControls.HtmlInputText in the database (instead of, for example, Firstname: Tom, it shows Firstname: System.Web.UI.HtmlControls.HtmlInputText).

Dim SQLStatement As String = "INSERT INTO account(firstname, lastname, uname, pass, type)" & " VALUES ('" & fname.ToString() & "','" & lname.ToString() & "','" & username.ToString() & "','" & password.ToString() & "','" & type.ToString() & "')"

SaveNames(SQLStatement)

This is what I changed.

5
  • 1
    You have a SQL injection vulnerability. Commented Mar 20, 2014 at 14:59
  • 2
    Do not store passwords in plain text. Commented Mar 20, 2014 at 14:59
  • What are fname, lname etc.... Commented Mar 20, 2014 at 14:59
  • Security is hard. Do not reinvent the wheel. You should use an existing, proven, authentication system, such as ASP.Net Identity. Otherwise, you will have vulnerabilities. Commented Mar 20, 2014 at 15:00
  • this is the fname lname <label for="firstname">First Name</label> <input runat=server id="fname" type="text" placeholder="Firstname"> Commented Mar 20, 2014 at 15:08

1 Answer

0

As Mr Slacks says, you have many problems in your single line of code above.
The lesser one is the use of the Text property for an HtmlInputText control.

You should use the Value property of every HtmlInputText (fname, etc...) whose content you want to get.

For the other problems, start reading about SQL Injection, Parameterized queries and ASP.NET Identity.

EDIT Your last edit applies the ToString() method to the instance of the HtmlInputText control and results (as expected) in the fully qualified class name.

You should apply the ToString() method to the Value property

  fname.Value.ToString ...... etc....

2 Comments

That works! Thanks! Last question, how can I clear the textbox after pressing the submit button?
fname.Value = "" should work, but if not, please post a new question.
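
The parameterized form of the INSERT that the comments and the answer point to, as an added example that is not part of the original question or answer. It assumes SQL Server through System.Data.SqlClient and .NET Framework 4.7.2 or later (for the SHA-256 overload of Rfc2898DeriveBytes); the AccountStore class, the "AccountDb" connection string name and the column sizes are hypothetical.

```vbnet
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

' Added example. AccountStore, "AccountDb" and the column sizes are assumptions.
Public NotInheritable Class AccountStore
    Private Const Iterations As Integer = 100000

    ' PBKDF2-HMAC-SHA256 with a random 16-byte salt, stored as "iterations:salt:hash"
    ' so the pass column never holds the plain-text password.
    Public Shared Function HashPassword(ByVal plain As String) As String
        Using kdf As New Rfc2898DeriveBytes(plain, 16, Iterations, HashAlgorithmName.SHA256)
            Return Iterations.ToString() & ":" &
                   Convert.ToBase64String(kdf.Salt) & ":" &
                   Convert.ToBase64String(kdf.GetBytes(32))
        End Using
    End Function

    Public Shared Sub InsertAccount(ByVal firstName As String, ByVal lastName As String,
                                    ByVal userName As String, ByVal plainPassword As String,
                                    ByVal accountType As String)
        ' The SQL text contains placeholders only; user input is sent separately
        ' as typed parameters and is never concatenated into the statement.
        Const sql As String =
            "INSERT INTO account(firstname, lastname, uname, pass, type) " &
            "VALUES (@firstname, @lastname, @uname, @pass, @type)"

        Dim connStr As String =
            ConfigurationManager.ConnectionStrings("AccountDb").ConnectionString
        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@firstname", SqlDbType.NVarChar, 50).Value = firstName
                cmd.Parameters.Add("@lastname", SqlDbType.NVarChar, 50).Value = lastName
                cmd.Parameters.Add("@uname", SqlDbType.NVarChar, 50).Value = userName
                cmd.Parameters.Add("@pass", SqlDbType.NVarChar, 128).Value = HashPassword(plainPassword)
                cmd.Parameters.Add("@type", SqlDbType.NVarChar, 20).Value = accountType
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub
End Class

' In the page's code-behind, read Value (not Text or ToString()) from each HtmlInputText:
'   AccountStore.InsertAccount(fname.Value, lname.Value, username.Value, password.Value, type.Value)
```

Verifying a login against the stored string means splitting it on ":", re-deriving the hash with the stored salt and iteration count, and comparing the bytes.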
