我为我的程序制作了一个简单的登录代码。
在我的网站上,我为存储用户名,电子邮件和密码的程序创建了一个mysql数据库,我已经查询了数据库2次以插入2个帐户。
我可以在第一个帐户没有问题的情况下登录,但不能使用第二个和第三个帐户登录。
无论如何这里是代码:
Dim dbConn As New MySqlConnection
Dim UsernameVerify As New MySqlCommand
Dim PasswordVerify As New MySqlCommand
Dim EmailVerify As New MySqlCommand
Dim typeverify As New MySqlCommand
Dim lgnUsername As String
Dim lgnPassword As String
Dim lgnEmail As String
Dim lgntype As String
'server info
dbConn.ConnectionString = "server=*************;UserID=*******;password=********;database=*****"
Try
dbConn.Open()
UsernameVerify.Connection = dbConn
UsernameVerify.CommandText = "Select USERNAME from users"
PasswordVerify.Connection = dbConn
PasswordVerify.CommandText = "Select PASSWORD from users"
EmailVerify.Connection = dbConn
EmailVerify.CommandText = "Select EMAIL from users"
typeverify.Connection = dbConn
typeverify.CommandText = "Select TYPE from users"
lgnUsername = UsernameVerify.ExecuteScalar
lgnPassword = PasswordVerify.ExecuteScalar
lgnEmail = EmailVerify.ExecuteScalar
lgntype = typeverify.ExecuteScalar
dbConn.Close()
If ComboBox1.Text = lgnUsername And ComboBox2.Text = lgnPassword And ComboBox3.Text = lgnEmail And ComboBox4.Text = lgntype Then
Panel1.BackgroundImage = mpng2
Label5.Text = "Succesfully verified user !"
Me.Close()
Else
Panel1.BackgroundImage = mpng
Label5.Text = "Could not find user check your credentials"
ComboBox1.Focus()
End If
Catch ex As MySqlException
Label5.Text = "Error while verifying "
MessageBox.Show("Error when connecting to database|" + ex.Message)
dbConn.Dispose()
verifying.Close()
End Try
有谁知道如何解决这个问题。
我已经在考虑使用while循环或其他东西了吗?
答案 0 :(得分:0)
没有必要循环,你正在为自己的生活而努力。记住要始终保持简单。
简单登录代码可能如下所示:
Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As SYstem.EventArgs) Handles btnLogin.Click
Dim conn As New MysqlConnection("Server=****;Database=****;User=****;Password=****;")
Dim sql As String = "SELECT userid, username, password, email, type FROM users WHERE username = xname AND password = xpass"
Dim args As New List(Of MySqlParameter)
args.Add(New MySqlParameter("xname", txtUsername.Text))
args.Add(New MySqlParameter("xpass", txtPassword.Text))
Dim cmd As MySqlCommand = New MySqlCommand(sql, conn)
cmd.Parameters.AddRange(args.ToArray) ' You might want to check this, not sure if it needs the .ToArray
Dim drLogin As MySqlDataReader = cmd.ExecuteReader()
If drLogin.HasRows
' do login code here (I'll store user details out the DataReader and redirect)
dr.Read()
Session("userid") = dr("userid")
Session("username") = dr("username")
Session("usertype") = dr("type")
Response.Redirect("~/Members/Home.aspx")
Else
lblerr.Text = "Invalid username/password"
lblerr.ForeColor = System.Drawing.Color.Red
End If
End Sub
此代码获取您在一次查询中可能需要的所有用户信息(适用于限制数据库的开销)。 sql中的WHERE子句意味着它只会获得用户名和密码与用户登录时匹配的行。
List(Of SqlParameter)只存储输入的值以供在sql中使用。这有助于保护表单更多,因为sql注入不太可能这样。我在这里将此List转换为数组,因为我不确定SqlCommand.Paramaters.AddRange是否接受List。其中一种方式可行。
会话变量对于显示仅与登录用户相关的内容非常有用。您可以使用userid将数据库的结果限制为仅获取userid与Session(“userid”)值相同的内容。
希望这有帮助!