Private Sub ButtonCreate_Click(sender As Object, e As EventArgs) Handles ButtonCreate.Click
If TextUsername.Text = "" Then
MsgBox("Isi terlebih dahulu ID user")
Exit Sub
End If
Try
'Because of connection pooling you should create a **BRAND NEW CONNECTION OBJECT**
Using conn As New SqlConnection("connection string here"),
cmd = New SqlCommand("SELECT username FROM tbl_pengguna WHERE username = @Username", conn)
cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 20).Value = TextUsername.Text
conn.Open()
Using rdr As SqlDataReader = cmd.ExecuteReader()
cmd.Paramters.Clear()
'Use actual database column values in this section.
'Also: plain-text passwords? Is this amateur hour?
If rdr.Read()
cmd.CommandText = "UPDATE tbl_pengguna SET password=@password, hak_akses=@hakakses WHERE username=@username"
cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 20).Value = TextUsername.Text
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 64).Value = TextPassword.Text
cmd.Parameters.Add("@hakakses", SqlDbType.NVarChar, 10).Value = ComboBoxLvU.Text
Else
cmd.CommandText = "INSERT INTO tbl_pengguna(username,password,level_user) VALUES (@Username, @password, @UserLevel)"
cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 20).Value = TextUsername.Text
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 64).Value = TextPassword.Text
cmd.Parameters.Add("@UserLevel", SqlDbType.NVarChar, 10).Value = ComboBoxLvU.Text
End If
End Using
cmd.ExecuteNonQuery()
End Using
call_all()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub