我想更改此参数化查询
On Error Resume Next
Dim timex As String
Dim isigroup As DataTable
objdata = New clsMSSQL
isigroup = objdata.QueryDatabase("SELECT * FROM Userx WHERE Username='" & txtuser.Text & "' AND Userpass ='" & txtpassword.Text & "'")
If isigroup.Rows.Count > 0 Then
For i = 0 To isigroup.Rows.Count - 1
If isigroup.Rows(i)("username") <> txtuser.Text Or isigroup.Rows(i)("userpass") <> txtpassword.Text Then
MsgBox("Access denied username and password !!!", MsgBoxStyle.Information, "Attention.....")
xcountx = xcountx + 1
If xcountx >= 3 Then
MsgBox("You have reach the maximum time of login !!", MsgBoxStyle.Exclamation, "Προσοχή.....")
End
End If
Exit Sub
End If
Next
username = isigroup.Rows(0)("Username")
xUser_ID = isigroup.Rows(0)("User_id")
xUser_Access = isigroup.Rows(0)("Access_Type")
timex = TimeOfDay
isigroup = objdata.QueryDatabase("INSERT INTO Audit_Log (User_ID, Login) VALUES(" & xUser_ID & ", '" & timex & "')")
isigroup = objdata.QueryDatabase("SELECT * FROM Audit_Log ORDER BY LOG_ID DESC")
LOGID = isigroup.Rows(0)("LOG_ID")
Audit_Trail(xUser_ID, TimeOfDay, "Login to system ")
我尝试了很多,但我无法帮助
这是班级
Imports System.Data.SqlClient
Public Class clsMSSQL
Public Shared con As New SqlConnection(constring)
Private DbSwtable As DataTable
Public Function QueryDatabase(ByVal Query As String) As DataTable
Try
Dim objDataSet As New DataSet
Dim objDataTable As New DataTable
Dim objDataAdapter As New SqlDataAdapter(Query, con)
objDataAdapter.Fill(objDataSet, "DefaultTable")
objDataTable = objDataSet.Tables("DefaultTable")
con.Close()
Return objDataTable
Catch ex As Exception
MessageBox.Show(ex.Message, "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error)
Return DbSwtable
End Try
End Function
答案 0 :(得分:3)
像这样编辑函数QueryDataBase:
添加参数username和password并使用DataAdapter的SelectCommand属性。同时将函数名称从QueryDatabase更改为GetUserData。
Public Function GetUserData(username as string, password as string) As DataTable
Try
Dim objDataSet As New DataSet
Dim objDataTable As New DataTable
Dim sql As String = "SELECT * FROM Userx WHERE Username=@Username AND Userpass=@Userpass"
Dim objDataAdapter As New SqlDataAdapter()
Dim selectCmd as new SqlCommand(sql, con)
selectCmd.Parameters.Add("@Username", SqlDbType.Varchar).Value = UserName
selectCmd.Parameters.Add("@UserPass", SqlDbType.Varchar).Value =Password
objDataAdapter.SelectCommand = selectCmd;
objDataAdapter.Fill(objDataSet, "DefaultTable")
objDataTable = objDataSet.Tables("DefaultTable")
con.Close()
Return objDataTable
Catch ex As Exception
MessageBox.Show(ex.Message, "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error)
Return DbSwtable
End Try
End Function
然后从UI中调用这样的函数:
isigroup = objdata.GetUserData(txtuser.Text, txtpassword.Text)
答案 1 :(得分:1)
Fabian的修改版答案: 像这样编辑函数QueryDataBase:
添加用户名和密码哈希的参数,并使用DataAdapter的SelectCommand属性。同时将函数名称从QueryDatabase更改为GetUserData。
Public Function GetUserData(username as string, PassHash as string) As DataTable
Try
Dim objDataSet As New DataSet
Dim objDataTable As New DataTable
Dim sql As String = "SELECT * FROM Userx WHERE Username=@Username AND PassHash =@PassHash"
Dim objDataAdapter As New SqlDataAdapter()
Dim selectCmd as new SqlCommand(sql, con)
selectCmd.Parameters.Add("@Username", SqlDbType.Varchar).Value = UserName
selectCmd.Parameters.Add("@PassHash", SqlDbType.Varchar).Value =PassHash
objDataAdapter.SelectCommand = selectCmd;
objDataAdapter.Fill(objDataSet, "DefaultTable")
objDataTable = objDataSet.Tables("DefaultTable")
con.Close()
Return objDataTable
Catch ex As Exception
MessageBox.Show(ex.Message, "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error)
Return DbSwtable
End Try
End Function
然后从UI中调用这样的函数:
isigroup = objdata.GetUserData(txtuser.Text, gethash(txtpassword.Text))