How to relate a row to a specific SQL column from Visual Basic?

Question

I am simulating an ATM in Visual Basic. I have a table called Authentication in SQL. The Table contains two columns: The NUM_CARD column and the PIN_CARD column. I need to match row (0) column 1, row (1) column (1), row (2) column (1), and so on with the other rows as the card IDs are inserted. How can I do that? Thanks in advance.

The class DBConnection is the following:

Imports System
Imports System.Data.Sql
Imports System.Data.SqlClient

Public Class clsDBConnection

'Class variables'
Public cn As SqlConnection
Public cmd As SqlCommand
Public dr As SqlDataReader

'Constructor of the Connection class that creates the connection'
Sub New()
    Try
        cn = New SqlConnection("Data Source=JOVALLES-PC\SQLSERVEREX;Initial Catalog=SigmasBank;Integrated Security=True")
        cn.Open()

    Catch ex As Exception
        MsgBox("Error connecting due to:: " + ex.ToString)
    End Try
End Sub


'Returns true or false if the record exists or not in the database'
Function validationAutentication_p1(ByVal NUM_CARD As String) As Boolean
    Dim result As Boolean = False
    Try
        cmd = New SqlCommand("Select * from Autentication where NUM_CARD='" & NUM_CARD & "'", cn)
        dr = cmd.ExecuteReader


        If dr.HasRows Then
            result = True
        End If
        dr.Close()
    Catch ex As Exception
        MsgBox("Error in the procedure: " + ex.ToString)
    End Try
    Return result
End Function

Function validationAutentication_p2(ByVal PIN_CARD As String) As Boolean
    Dim result As Boolean = False
    Try
        cmd = New SqlCommand("Select * from Autentication where PIN_CARD='" & PIN_CARD & "'", cn)
        dr = cmd.ExecuteReader

        If dr.HasRows Then
            result = True
        End If
        dr.Close()
    Catch ex As Exception
        MsgBox("Error in the procedure: " + ex.ToString)
    End Try
    Return result
End Function

End Class

Insert Card ID Form:

Public Class FRM_InsertCardID

Public conn As New clsDBConnection

Private Sub BTN_Ok_Click(sender As Object, e As EventArgs) Handles BTN_Ok.Click


    If TXB_CardID.Text.Length = 0 Then
        MsgBox("Please fill in field.")


    ElseIf TXB_CardID.Text.Length > 0 And TXB_CardID.Text.Length < 16 Then

        MsgBox("Your Card ID must be 16 digits.")

    ElseIf conn.validationAutentication_p1(TXB_CardID.Text) = False Then


        MsgBox("The Card ID doesn't exist.")


    Else
        FRM_PIN.Show()
        Me.Hide()
        TXB_CardID.Text = ""

    End If



End Sub

Insert PIN form:

Public Class FRM_PIN

Public conn As New clsDBConnection


Private Sub BTN_Ok_Click(sender As Object, e As EventArgs) Handles BTN_Ok.Click


    If TXB_PIN.Text.Length = 0 Then

        MsgBox("Please fill in field.")

    ElseIf TXB_PIN.Text.Length > 0 And TXB_PIN.Text.Length < 4 Then

        MsgBox("Your PIN must be 4 digits.")

    ElseIf conn.validationAutentication_p2(TXB_PIN.Text) = False Then


        MsgBox("Incorrect PIN Please try again.")


    Else

        FRM_Transaction.Show()
        Me.Hide()
        TXB_PIN.Text = ""


    End If


End Sub

Answer 1

Not sure if typo causing issue otherwise?? - - Authentication

"I have a table called Authentication in SQL. " " cmd = New SqlCommand("Select * from Autentication where PIN_CARD='" & PIN_CARD & "'", cn)"

Answer 2

Let's start with clsDBConnection . You do not need to import System . That is there by default. System.Data.Sql is never used. Get rid of that too.

One would think that this class is about a database connection. It is not. It contains code for authentication. So rename; something like DataAccess.

Never make connections, commands and readers class level variables. These database objects need to be closed and disposed so the class is not where to declare them. They need to be local variables, local to the method where they are used.

Never, never open a connection until directly before it is used. Ideally the line before an .Execute... method is called. Be sure it is also closed and disposed as soon as possible. Your code opens a connection and leaves it flapping in the breeze.

What you can do in a DataAccess class is make your connection string a Private class level variable. Private cnString as String = ...

I can't see where you would need a custom constructor at all. Just get rid of Sub New() I have made the 2 methods in your class Shared This data is shared by all instances of the class and you do not have declare an instance of the class to use these methods. You can call shared methods just by referencing the name of the class and the method. Also the conString is Shared because it is used by shared methods.

I decided that the pin number is not necessarily unique since they only go up to 9999. That is why I used 2 parameters for the second method.

Note: I had to guess at the datatype and field size of the SqlParameters. Check your database and adjust the code accordingly.

Public Class FRM_InsertCardID

    Private Sub BTN_Ok_Click(sender As Object, e As EventArgs) Handles BTN_Ok.Click
        If TXB_CardID.Text.Length = 0 Then
            MsgBox("Please fill in field.")
            'Don't give the user any information on what a proper card ID consists of
            Return
        End If

        If DataAccess.validationAutentication_p1(TXB_CardID.Text) = False Then
            MsgBox("The Card ID doesn't exist.")
        Else
            FRM_PIN.Show()
            'It appears you are using the default instance of FRM_PIN
            FRM_PIM.CardID = TXB_CardID.Text
            TXB_CardID.Text = ""
            Me.Hide()
        End If
    End Sub

End Class

Public Class FRM_PIN

    Friend CardID As String

    Private Sub BTN_Ok_Click(sender As Object, e As EventArgs) Handles BTN_Ok.Click

        If TXB_PIN.Text.Length = 0 Then
            MsgBox("Please fill in field.")
            Return 'Exits the sub
        End If

        If DataAccess.validationAutentication_p2(CardID, TXB_PIN.Text) = False Then
            MsgBox("Incorrect PIN Please try again.")
        Else
            TXB_PIN.Text = ""
            FRM_Transaction.Show()
            Me.Hide()
        End If
    End Sub

End Class
Public Class DataAccess

    Private Shared conString As String = "Data Source=JOVALLES-PC\SQLSERVEREX;Initial Catalog=SigmasBank;Integrated Security=True"

    Public Shared Function validationAutentication_p1(ByVal NUM_CARD As String) As Boolean
        Dim result = False
        Using cn As New SqlConnection(conString),
                cmd As New SqlCommand("Select * from Autentication where NUM_CARD= @NumCARD;", cn)
            cmd.Parameters.Add("@NumCard", SqlDbType.VarChar, 16).Value = NUM_CARD
            cn.Open()
            Using dr = cmd.ExecuteReader
                If dr.HasRows Then
                    result = True
                End If
            End Using
        End Using
        Return result
    End Function

    Public Shared Function validationAutentication_p2(ByVal CardID As String, ByVal PIN_CARD As String) As Boolean
        Dim result = False
        Using cn As New SqlConnection(conString),
                cmd As New SqlCommand("Select * From Autentication where NUM_CARD = @NumCard AND PIN_CARD=@PinCard;", cn)
            cmd.Parameters.Add("@NumCard", SqlDbType.VarChar, 100).Value = CardID
            cmd.Parameters.Add("@PinCard", SqlDbType.VarChar, 4).Value = PIN_CARD
            cn.Open()
            Using dr = cmd.ExecuteReader()
                If dr.HasRows Then
                    result = True
                End If
            End Using
        End Using
        Return result
    End Function

End Class