Check if record already exists

Question

I am creating a program in VB.NET where, before creating a user I want to check that if that record already exists.

Here is my code:

Imports MySql.Data.MySqlClient
Public Class WindowsAdvancedStudyStartingForms
    Dim FirstName As String = ""
    Dim SecondName As String = ""
    Dim FullName As String = ""
    Dim StudentClassReal As String = ""
    Dim StudentClassValue As String = ""
    Dim Address As String = ""
    Dim Username As String = ""
    Dim Password As String = ""
    Dim SuccessfulMessage As Integer = 0
    'MySql
    Dim ServerString As String = "Server=myServer;User ID=myID;Passwordmy=Password;Database=myDatabase;SSLMode=None"
    Dim SQLConnection As MySqlConnection = New MySqlConnection
    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        FirstName = AFirstNameTextBox.Text
        SecondName = ASecondNameTextBox.Text
        FullName = FirstName + " " + SecondName
        StudentClassValue = ASelectClassComboBox.SelectedItem
        Address = AAddressTextBox.Text
        Username = AUsernameTextBox.Text
        Password = APasswordTextBox.Text

        If StudentClassValue = "Class IX" Then
            StudentClassReal = 9
        Else
            MessageBox.Show("You have selected a Wrong Class", "Wrong Class", MessageBoxButtons.OK, MessageBoxIcon.Error)
        End If
        If FirstName = "" And FirstName.Count = 1 Then
            MessageBox.Show("You didn't enter your First Name", "First Name", MessageBoxButtons.OK, MessageBoxIcon.Error)
        Else
            'Nothing
        End If

        If SecondName = "" Then
            MessageBox.Show("You didn't enter your Second Name", "Second Name", MessageBoxButtons.OK, MessageBoxIcon.Error)
        Else
            'Nothing
        End If

        If Address = "" Then
            MessageBox.Show("You didn't enter your Address", "Address", MessageBoxButtons.OK, MessageBoxIcon.Error)
        Else
            'Nothing
        End If

        If Username = "" Then
            MessageBox.Show("You didn't enter your Username", "Username", MessageBoxButtons.OK, MessageBoxIcon.Error)
        Else
            'Nothing
        End If

        If Password = "" Then
            MessageBox.Show("You didn't enter your Password", "Password", MessageBoxButtons.OK, MessageBoxIcon.Error)
        Else
            'Nothing
        End If

        If StudentClassReal = "9" Then
            Dim StudentInformationVerification As Integer = MessageBox.Show("Are you sure that these are your information?" & vbCrLf & "I am " + FullName + ", and I study at Class " + StudentClassReal + ". I live in " + Address + ". My Advanced Windows Study Username is " + Username + ", and my password is " + Password, "Information Verification", MessageBoxButtons.YesNo, MessageBoxIcon.Question)

            If StudentInformationVerification = DialogResult.Yes Then
                Dim SQLStatement As String = "INSERT INTO people(FirstName, SecondName, Class, Address, Username, Password) VALUES('" & FirstName & "','" & SecondName & "', '" & StudentClassReal & "', '" & Address & "', '" & Username & "', '" & Password & "')"
                SaveName(SQLStatement)
                    My.Computer.Registry.LocalMachine.SetValue("Study", "1")
                    SuccessfulMessage = 1
                    Me.Close()
                End If

                If StudentInformationVerification = DialogResult.No Then

            End If
        Else
            'Nothing

        End If
    End Sub

    'MYSQL Connection
    Private Sub WindowsAdvancedStudyStartingForms_Load(sender As Object, e As EventArgs) Handles MyBase.Load
        Dim RegistryCheck As String = My.Computer.Registry.LocalMachine.GetValue("Study")
        If RegistryCheck = 1 Then
            LoginForm1.Show()
            Me.Close()
        End If
        APasswordTextBox.UseSystemPasswordChar = True
SQLConnection:

        SQLConnection.ConnectionString = ServerString

        Try
            If SQLConnection.State = ConnectionState.Closed Then
                SQLConnection.Open()
                If SuccessfulMessage = 0 Then
                    MessageBox.Show("Connected to Windows Advanced Study Database", "Connection to Database Passed", MessageBoxButtons.OK, MessageBoxIcon.Information)
                End If
            Else
                SQLConnection.Close()
                MessageBox.Show("Could not Connect to Windows Advanced Study Database", "Connection to Database Failed", MessageBoxButtons.RetryCancel, MessageBoxIcon.Error)
                If DialogResult.Retry Then
                    GoTo SqlConnection
                End If

                If DialogResult.Cancel Then
                    Close()
                End If
            End If
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try
    End Sub

    Public Sub SaveName(ByRef SQLStatement As String)
        Dim cmd As MySqlCommand = New MySqlCommand

        With cmd
            .CommandText = SQLStatement
            .CommandType = CommandType.Text
            .Connection = SQLConnection
            .ExecuteNonQuery()
        End With
        MessageBox.Show("Welcome to Advanced Windows Studying", "Authentication Successful", MessageBoxButtons.OK, MessageBoxIcon.Information)
    End Sub
End Class

Answer 1

Use parameters. Turn on Option Strict. You won't need all those Dim's for the student info. You can pass your connection string to the constructor of the MySQLConnection. Move your validation code to the Validat event of the various controls. Look up how to cancel the event so focus stays on the appropriate control. You can pass your SQL string and the connection directly to the connection constructor. Using...EndUsing statements will ensure that objects are closed and disposed properly even if there is an error. This is very important to ensure that connections are closed. Don't use GoTo. This is only in the language for backward compatibility and should not be used in new code. (leads to spaghetti code) In a real application, passwords would never be stored as plain text but that is a topic for another day. In your SQL statements you need to surround and MySQL reserved words with back ticks (`) This is the character below the tilde (~) and is the quoted identifier for MySQL. Actually, it doesn't hurt to surrond all table names and column names with the back tick to be safe. I cannot test this code because I don't have your database.

Imports MySql.Data.MySqlClient
Public Class MySQLStudent
    Dim strConnection As String = "Server=myServer;User ID=myID;Passwordmy=Password;Database=myDatabase;SSLMode=None"
    Private Sub RegisterStudent()
        Using cn As New MySqlConnection(strConnection)
            Dim SQLStatement As String = "Select Count(*) From people where Username = @UserName;"
            Using cmdV As New MySqlCommand(SQLStatement, cn)
                cn.Open()
                Dim rowCount As Integer = CInt(cmdV.ExecuteScalar())
                cn.Close()
                If rowCount > 0 Then
                    MessageBox.Show("Sorry that username is in use; please enter another one.")
                    AUsernameTextBox.Focus
                    Exit Sub
                End If
            End Using
            SQLStatement = "INSERT INTO people(FirstName, SecondName, `Class`, Address, `Username`, `Password`) VALUES(@FirstName, @SecondName', @StudentClassValue, @Address, @UserName, @Password);"
            Using cmd As New MySqlCommand(SQLStatement, cn)
                cmd.Parameters.Add("@FirstName", MySqlDbType.String).Value = AFirstNameTextBox.Text
                cmd.Parameters.Add("@SecondName", MySqlDbType.String).Value = ASecondNameTextBox.Text
                cmd.Parameters.Add("@StudentClassValue", MySqlDbType.String).Value = ASelectClassComboBox.SelectedItem
                cmd.Parameters.Add("@Address", MySqlDbType.String).Value = AAddressTextBox.Text
                cmd.Parameters.Add("@Username", MySqlDbType.String).Value = AUsernameTextBox.Text
                cmd.Parameters.Add("@Password", MySqlDbType.String).Value = APasswordTextBox.Text
                cn.Open()
                With cmd
                    .CommandType = CommandType.Text
                    .ExecuteNonQuery()
                End With
            End Using
        End Using
        MessageBox.Show("Welcome to Advanced Windows Studying", "Registration Successful", MessageBoxButtons.OK, MessageBoxIcon.Information)
    End Sub
    Private Sub LogInStudent()
        Using cn As New MySqlConnection(strConnection)
            Using cmd As New MySqlCommand("Select Count(*) From people Where `Username` = @UserName And `Password` = @Password;", cn)
                cmd.Parameters.Add("@UserName", MySqlDbType.String).Value = AUsernameTextBox.Text
                cmd.Parameters.Add("@Password", MySqlDbType.String).Value = APasswordTextBox.Text
                cn.Open()
                Dim rowCount As Integer = CInt(cmd.ExecuteScalar)
                cn.Close()
                If rowCount <> 1 Then
                    MessageBox.Show("Sorry, invalid login.")
                    Exit Sub
                End If
                MessageBox.Show("Successful login.")
                'Show the next form of the application
            End Using
        End Using
    End Sub
End Class