Received in my email today:
say your blog and thought you might help.
strsql = “SELECT StaffID, DesignationID, StaffName, Password, ShopID from staffT where StaffName =” & UserName.Text & ” AND Password =” & Password.Text & “”
from the string, the username.text and password.text are form controls. what is happening is there are passing null values regardless of what you input in the text boxes resulting in a system error.
“System Error Object reference not set to an instance of an object”
Am using Mysql as the database.
I’m always glad to answer such questions, especially when the questioner is flirting with disaster, as much as this questioner is.
A trained eye can immediately spot the problem with the SQL statement above, aside from the problem of NULL values tossing errors. Namely, it’s wide-open to SQL injection. (And an even keener eye will note that the values for user name and password aren’t delimited with single-quotes.)
So here’s my reply email to the questioner: