spot errors in VB
Please spot the errors in the following code in VB.NET:
Dim Diff As String = con.ExecuteCommand("SELECT DATEDIFF(Day, (select [date] from table where Username = '" + txtUserName.Text + "'), '" & DateTime.Now.ToString() & "')")
If (Diff > 30) Then
    Response.Redirect("PleaseChangeMyPassword.aspx")
End If
(find at least 3…)
Side note:
No wonder Visual Basic has died (more or less). Guess future of server JavaScript ….
1. ExecuteCommand returns int and is being assigned to String variable.
2. Diff (being a string) is compared with Integer
Cannot spot the 3rd one. Can you highlight the third one?
SQL injection
'" + txtUserName.Text + "'
The error lies with the programmer who still compiles a program with Option Strict Off, and SQL injection has nothing to do with the language.
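An added example, not code from the post or its commenters: the same password-age check with the user name bound as a typed parameter and Option Strict On, so the String/Integer mismatches listed in the comments fail at compile time. It uses System.Data.SqlClient directly instead of the post's con.ExecuteCommand wrapper; the connection string, the module and function names, the NVarChar(256) size and the fail-closed handling of a missing row are assumptions, while [table], [date] and Username are the post's own placeholder names.

```vbnet
Option Strict On
Imports System.Data
Imports System.Data.SqlClient

Public Module PasswordAgeCheck
    ' Limit taken from the post's "Diff > 30" comparison.
    Private Const MaxPasswordAgeDays As Integer = 30

    ' Returns the password age in days, or Nothing when there is no usable row.
    ' Function name and signature are hypothetical (not from the post).
    Public Function GetPasswordAgeDays(connectionString As String,
                                       userName As String) As Integer?
        ' The user name is sent as a parameter value, never spliced into the
        ' SQL text. GETDATE() replaces DateTime.Now.ToString(), whose output
        ' depends on the web server's culture settings.
        Const sql As String =
            "SELECT DATEDIFF(day, [date], GETDATE()) " &
            "FROM [table] WHERE Username = @userName"

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                ' Size 256 is an assumed column width.
                cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value = userName
                conn.Open()
                Dim result As Object = cmd.ExecuteScalar()
                ' ExecuteScalar returns Nothing for no row, DBNull for a NULL date.
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return Nothing
                End If
                Return Convert.ToInt32(result)
            End Using
        End Using
    End Function

    ' Assumption: an unknown age counts as expired (fail closed).
    Public Function MustChangePassword(ageDays As Integer?) As Boolean
        Return Not ageDays.HasValue OrElse ageDays.Value > MaxPasswordAgeDays
    End Function

    ' Usage in the page's code-behind (connStr is a hypothetical variable):
    '   If MustChangePassword(GetPasswordAgeDays(connStr, txtUserName.Text)) Then
    '       Response.Redirect("PleaseChangeMyPassword.aspx")
    '   End If
End Module
```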