Imports System.Data Imports System.Data.SqlClient Public Class Form1 Inherits System.Windows.Forms.Form #Region " Windows Form Designer generated code " Public Sub New() MyBase.New() 'This call is required by the Windows Form Designer. InitializeComponent() 'Add any initialization after the InitializeComponent() call End Sub 'Form overrides dispose to clean up the component list. Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean) If disposing Then If Not (components Is Nothing) Then components.Dispose() End If End If MyBase.Dispose(disposing) End Sub 'Required by the Windows Form Designer Private components As System.ComponentModel.IContainer 'NOTE: The following procedure is required by the Windows Form Designer 'It can be modified using the Windows Form Designer. 'Do not modify it using the code editor. Friend WithEvents Label1 As System.Windows.Forms.Label Friend WithEvents Label2 As System.Windows.Forms.Label Friend WithEvents Button1 As System.Windows.Forms.Button Friend WithEvents result As System.Windows.Forms.Label Friend WithEvents FirstName As System.Windows.Forms.TextBox Friend WithEvents LastName As System.Windows.Forms.TextBox Friend WithEvents Button2 As System.Windows.Forms.Button Friend WithEvents Button3 As System.Windows.Forms.Button Private Sub InitializeComponent() Me.Label1 = New System.Windows.Forms.Label Me.Label2 = New System.Windows.Forms.Label Me.result = New System.Windows.Forms.Label Me.FirstName = New System.Windows.Forms.TextBox Me.LastName = New System.Windows.Forms.TextBox Me.Button1 = New System.Windows.Forms.Button Me.Button2 = New System.Windows.Forms.Button Me.Button3 = New System.Windows.Forms.Button Me.SuspendLayout() ' 'Label1 ' Me.Label1.Font = New System.Drawing.Font("Microsoft Sans Serif", 9.75!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte)) Me.Label1.Location = New System.Drawing.Point(16, 16) Me.Label1.Name = "Label1" Me.Label1.TabIndex = 0 Me.Label1.Text = "First Name:" Me.Label1.TextAlign = System.Drawing.ContentAlignment.MiddleRight ' 'Label2 ' Me.Label2.Font = New System.Drawing.Font("Microsoft Sans Serif", 9.75!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte)) Me.Label2.Location = New System.Drawing.Point(16, 56) Me.Label2.Name = "Label2" Me.Label2.TabIndex = 1 Me.Label2.Text = "Last Name:" Me.Label2.TextAlign = System.Drawing.ContentAlignment.MiddleRight ' 'result ' Me.result.Font = New System.Drawing.Font("Microsoft Sans Serif", 9.75!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte)) Me.result.ForeColor = System.Drawing.Color.Red Me.result.Location = New System.Drawing.Point(272, 144) Me.result.Name = "result" Me.result.Size = New System.Drawing.Size(104, 23) Me.result.TabIndex = 2 Me.result.TextAlign = System.Drawing.ContentAlignment.MiddleCenter ' 'FirstName ' Me.FirstName.Font = New System.Drawing.Font("Microsoft Sans Serif", 9.75!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte)) Me.FirstName.Location = New System.Drawing.Point(120, 16) Me.FirstName.Name = "FirstName" Me.FirstName.Size = New System.Drawing.Size(408, 22) Me.FirstName.TabIndex = 3 Me.FirstName.Text = "" ' 'LastName ' Me.LastName.Font = New System.Drawing.Font("Microsoft Sans Serif", 9.75!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte)) Me.LastName.Location = New System.Drawing.Point(120, 56) Me.LastName.Name = "LastName" Me.LastName.Size = New System.Drawing.Size(408, 22) Me.LastName.TabIndex = 4 Me.LastName.Text = "" ' 'Button1 ' Me.Button1.Font = New System.Drawing.Font("Microsoft Sans Serif", 9.75!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte)) Me.Button1.Location = New System.Drawing.Point(120, 88) Me.Button1.Name = "Button1" Me.Button1.Size = New System.Drawing.Size(75, 40) Me.Button1.TabIndex = 5 Me.Button1.Text = "Dynamic SQL" ' 'Button2 ' Me.Button2.Font = New System.Drawing.Font("Microsoft Sans Serif", 9.75!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte)) Me.Button2.Location = New System.Drawing.Point(280, 88) Me.Button2.Name = "Button2" Me.Button2.Size = New System.Drawing.Size(75, 40) Me.Button2.TabIndex = 7 Me.Button2.Text = "Stored Proc" ' 'Button3 ' Me.Button3.Font = New System.Drawing.Font("Microsoft Sans Serif", 9.75!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte)) Me.Button3.Location = New System.Drawing.Point(424, 88) Me.Button3.Name = "Button3" Me.Button3.Size = New System.Drawing.Size(104, 40) Me.Button3.TabIndex = 8 Me.Button3.Text = "Parameterized Query" ' 'Form1 ' Me.AutoScaleBaseSize = New System.Drawing.Size(5, 13) Me.ClientSize = New System.Drawing.Size(576, 181) Me.Controls.Add(Me.Button3) Me.Controls.Add(Me.Button2) Me.Controls.Add(Me.Button1) Me.Controls.Add(Me.LastName) Me.Controls.Add(Me.FirstName) Me.Controls.Add(Me.result) Me.Controls.Add(Me.Label2) Me.Controls.Add(Me.Label1) Me.Name = "Form1" Me.Text = "Login" Me.ResumeLayout(False) End Sub #End Region Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim objConn As New SqlConnection("data source=(local);initial catalog=Northwind;integrated security=SSPI;persist security info=False") Dim sqlCmd As New SqlCommand With sqlCmd .CommandText = "select EmployeeID from Employees where FirstName = '" + _ FirstName.Text + "' and LastName = '" + LastName.Text + "'" .CommandType = CommandType.Text .Connection = objConn End With objConn.Open() Dim sqlResult As SqlDataReader = sqlCmd.ExecuteReader() If sqlResult.HasRows Then result.Text = "authorized" Else result.Text = "unauthorized" End If sqlResult.Close() objConn.Close() End Sub Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click Dim objConn As New SqlConnection("data source=(local);initial catalog=Northwind;integrated security=SSPI;persist security info=False") Dim sqlCmd As SqlCommand = New SqlCommand("ValidateUser", objConn) sqlCmd.CommandType = CommandType.StoredProcedure Dim sqlP1 As SqlParameter = New SqlParameter("@FirstName", SqlDbType.NVarChar) sqlP1.Direction = ParameterDirection.Input sqlP1.Value = FirstName.Text Dim sqlP2 As SqlParameter = New SqlParameter("@LastName", SqlDbType.NVarChar) sqlP2.Direction = ParameterDirection.Input sqlP2.Value = LastName.Text sqlCmd.Parameters.Add(sqlP1) sqlCmd.Parameters.Add(sqlP2) objConn.Open() Dim sqlResult As SqlDataReader = sqlCmd.ExecuteReader() If sqlResult.HasRows Then result.Text = "authorized" Else result.Text = "unauthorized" End If sqlResult.Close() objConn.Close() End Sub Private Sub Button3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button3.Click Dim objConn As New SqlConnection("data source=(local);initial catalog=Northwind;integrated security=SSPI;persist security info=False") Dim sql As String = "select EmployeeID from Employees" + _ " where FirstName = @FirstName and LastName = @LastName" Dim sqlCmd As New SqlCommand(sql, objConn) Dim sqlP1 As SqlParameter = New SqlParameter("@FirstName", SqlDbType.NVarChar) sqlP1.Direction = ParameterDirection.Input sqlP1.Value = FirstName.Text Dim sqlP2 As SqlParameter = New SqlParameter("@LastName", SqlDbType.NVarChar) sqlP2.Direction = ParameterDirection.Input sqlP2.Value = LastName.Text sqlCmd.Parameters.Add(sqlP1) sqlCmd.Parameters.Add(sqlP2) objConn.Open() Dim sqlResult As SqlDataReader = sqlCmd.ExecuteReader() If sqlResult.HasRows Then result.Text = "authorized" Else result.Text = "unauthorized" End If sqlResult.Close() objConn.Close() End Sub End Class