Validating a username and password in Microsoft Visual Studio

Time: 2013-06-21 20:01:57

Tags: vb.net visual-studio

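When someone clicks the button, I am unable to validate the username and password. I have two text boxes named user_logon_id and user_password.

I have a table named MyUsers, and I want to verify that the username (user_logon_id) and password (user_password) are in the same row. If they do not match, the user should be notified. If they match, the user should be directed to userAdmin.aspx.

I am using Microsoft Visual Studio 2008. I am very new to this and would really like to get the hang of it. I do not need to worry about encrypting passwords.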

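1 answer:

Answer 0 (score: -1)

Can you run it in the debugger and verify whether the query returns a row?

Some suggestions:

Consider parameterizing your query, like this: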

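    ' Requires: Imports System.Data.SqlClient
    Dim conn As New SqlConnection(_connectionString)
    conn.Open()
    Dim s As String = "SELECT user_password FROM MyUsers WHERE user_logon_id = @user_login_id"
    ' Attach the command to the open connection
    Dim cmd As New SqlCommand(s, conn)
    ' Bind the user's input as a parameter value instead of concatenating it into the SQL text
    cmd.Parameters.AddWithValue("@user_login_id", Me.user_logon_id.Text)
    Dim reader As SqlDataReader = cmd.ExecuteReader()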

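Hash the password in some way.

Consider selecting from the database table where the username and password match. If the result is one record, the login succeeded.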

     Dim s As String = "SELECT userid FROM MyUsers WHERE user_logon_id = @user_login_id and user_password=@user_password"

Full code

    Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSubmit.Click

        Dim myReader As Data.SqlClient.SqlDataReader = Nothing
        Dim mySqlConnection As Data.SqlClient.SqlConnection
        Dim mySqlCommand As Data.SqlClient.SqlCommand

        'Establish the SqlConnection by using the configuration manager to get the connection string in our web.config file.
        mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString1").ToString())
        Dim sql As String = "SELECT userid FROM MyUsers WHERE user_logon_id = @user_login_id and user_password=@user_password"

        mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)

        'Bind both text box values as parameters of the command created above
        mySqlCommand.Parameters.AddWithValue("@user_login_id", Me.user_logon_id.Text)
        mySqlCommand.Parameters.AddWithValue("@user_password", Me.user_password.Text)

        Try
            mySqlConnection.Open()
            myReader = mySqlCommand.ExecuteReader()

            If (myReader.HasRows) Then
                'Open page with users and roles
                Dim message As String = "Correct password"
                Dim style As MsgBoxStyle = MsgBoxStyle.OkOnly
                Dim title As String = "Authenticated"
                MsgBox(message, style, title)
            End If

        Catch ex As Exception
            Console.WriteLine(ex.ToString())
        Finally
            If Not (myReader Is Nothing) Then
                myReader.Close()
            End If

            If (mySqlConnection.State = Data.ConnectionState.Open) Then
                mySqlConnection.Close()
            End If

        End Try

    End Sub
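
Added example, not part of the original answer or the asker's project: one way to combine the answer's two suggestions, a parameterized lookup and a hashed password, using only classes available in .NET 3.5 (Visual Studio 2008). The `PasswordCheck` module, the `password_salt` and `password_hash` columns, and the iteration count are assumptions; the page's `MyUsers` table only shows `user_logon_id` and `user_password`.

```vbnet
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Public Module PasswordCheck
    ' Assumed values (not from the page): PBKDF2 iteration count and hash size in bytes.
    Private Const Iterations As Integer = 100000
    Private Const HashLength As Integer = 32

    ' Random 16-byte salt, generated once per user when the password is set.
    Public Function NewSalt() As Byte()
        Dim salt(15) As Byte
        Dim rng As New RNGCryptoServiceProvider()
        rng.GetBytes(salt)
        Return salt
    End Function

    ' PBKDF2 (HMAC-SHA1 in .NET 3.5) over the typed password and the per-user salt.
    Public Function DeriveHash(ByVal password As String, ByVal salt As Byte()) As Byte()
        Dim kdf As New Rfc2898DeriveBytes(password, salt, Iterations)
        Return kdf.GetBytes(HashLength)
    End Function

    ' Compare every byte so the timing does not reveal where the first mismatch is.
    Public Function FixedTimeEquals(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' True only when the logon id exists and the derived hash equals the stored hash.
    Public Function VerifyLogin(ByVal connectionString As String, ByVal logonId As String, ByVal password As String) As Boolean
        ' password_salt and password_hash are hypothetical non-null VARBINARY columns.
        Const sql As String = "SELECT password_salt, password_hash FROM MyUsers WHERE user_logon_id = @user_logon_id"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.AddWithValue("@user_logon_id", logonId)
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    If Not reader.Read() Then Return False   ' unknown logon id
                    Dim salt As Byte() = DirectCast(reader("password_salt"), Byte())
                    Dim stored As Byte() = DirectCast(reader("password_hash"), Byte())
                    Return FixedTimeEquals(DeriveHash(password, salt), stored)
                End Using
            End Using
        End Using
    End Function
End Module
```

When an account is created, store `NewSalt()` and `DeriveHash(password, salt)` in the two columns; the click handler then calls `VerifyLogin` with the connection string and the two text box values.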