Display passwords stored in table

[jumbledore]

Hi,
I have created a database in access with a table and a form. the table contains usernames and passwords. the form contains 2 textboxes and 1 button. The user has to enter his userid and the password in the respective text boxes and then click on the button. What then happens is that the click event runs a vba code which runs an sql query to match the username in the textbox to the username in the table and then displays the corresponding password in a msgbox. But whenever I run the code I get an error. Below is the code. I would appreciate it if you could help me correct my errors. Thanks

Private Sub Command4_Click()
    Dim myRecordSet As New ADODB.Recordset
    myRecordSet.ActiveConnection = CurrentProject.Connection
    myRecordSet.Open "SELECT passwords.Password FROM passwords WHERE (((passwords.Username)=[Forms]![passwordform].[Usertext]))"
    MsgBox myRecordSet.Fields(0).Value
    myRecordSet.Close
    Set myRecordSet = Nothing
End Sub

***
passwords is a table with 2 columns, Username and Password

 

[james_lankford]

not positive but I think it needs to be

set myRecordSet.ActiveConnection = CurrentProject.Connection

 

[jumbledore]

not positive but I think it needs to be

set myRecordSet.ActiveConnection = CurrentProject.Connection

Hi I tried your suggestion but I am still getting the error "-2147217904 (80040e10) No value given for one or more required parameters" Thanks

 

[james_lankford]

myRecordSet.Open "SELECT passwords.Password FROM passwords WHERE (((passwords.Username) = '" & [Forms]![passwordform].[Usertext])) & "' "


) = '" &
that's a single quote followed by a double quote


& "' "

that's a double quote followed by a single quote followed by a space and then a double quote

but t's a really bad way to do it

do a google search for "sql injection" to find out why

 

[Kyle123]

Never, ever store passwords in plain text. They should at least be hashed and if possible salted and hashed.

That probably came across a bit strong, but you shouldn't do it - there really isn't a valid reason to. You shouldn't know your users' passwords as its a security issue

 

[jumbledore]

myRecordSet.Open "SELECT passwords.Password FROM passwords WHERE (((passwords.Username) = '" & [Forms]![passwordform].[Usertext])) & "' "


) = '" &
that's a single quote followed by a double quote


& "' "

that's a double quote followed by a single quote followed by a space and then a double quote

but t's a really bad way to do it

do a google search for "sql injection" to find out why

so is there a solution to it? Is there a way to refer to or select elements in a table or query and perform calculations/operations on them? For example let's say I want to find the earliest "joining date" in an access-table of "employees" in the "sales department". How do I code this in vba? Thanks