我正在玩数据库,今天在尝试使用SQLCompactEdition数据库时,我创建了一个名为UserDB的本地数据库,并在其中有一个名为User的表。
我使用我的应用程序(这是另一个数据库)登录管理员,通过管理员,我正在创建用户。
我用于此目的的代码是:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim connStr As New SqlCeConnection("Data Source=c:\users\babi\documents\visual studio 2012\Projects\ShopManagement\ShopManagement\" & "User\UserDB.sdf; Password =")
Dim name, pass, repass As String
name = TextBox1.Text
If (name.Length = 0) Then
MessageBox.Show("Enter user-name!!")
Exit Sub
End If
pass = TextBox2.Text
If (pass.Length = 0) Then
MessageBox.Show("Enter password!!")
Exit Sub
End If
repass = TextBox3.Text
If (repass.Length = 0) Then
MessageBox.Show("Re-enter password!!")
Exit Sub
End If
If (getMD5Hash(pass) = getMD5Hash(repass)) Then
Dim cmd As New SqlCeCommand("INSERT INTO User(uname, upass)VALUES(" & name & "," & getMD5Hash(pass) & ");", connStr)
connStr.Open()
cmd.ExecuteNonQuery()
connStr.Close()
MessageBox.Show("User Created!")
Exit Sub
Else
MessageBox.Show("Passwords donot match!!")
Exit Sub
End If
End Sub
当我调试时,我发现查询字符串为:
"INSERT INTO User(uname, upass)VALUES(abcd,827ccb0eea8a706c4c34a16891f84e7b);"
发生的异常是:
An unhandled exception of type 'System.Data.SqlServerCe.SqlCeException' occurred in System.Data.SqlServerCe.dll
我无法理解导致此错误的原因。 如果需要更多信息,请询问。
修改的
固定代码:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim connStr As New SqlCeConnection("Data Source=c:\users\babi\documents\visual studio 2012\Projects\ShopManager\ShopManager\" & "ManagementDB.sdf; Password =")
Dim name, pass, repass As String
name = TextBox1.Text
If (name.Length = 0) Then
MessageBox.Show("Enter user-name!!")
Exit Sub
End If
pass = TextBox2.Text
If (pass.Length = 0) Then
MessageBox.Show("Enter password!!")
Exit Sub
End If
repass = TextBox3.Text
If (repass.Length = 0) Then
MessageBox.Show("Re-enter password!!")
Exit Sub
End If
If (getMD5Hash(pass) = getMD5Hash(repass)) Then
Dim cmd As New SqlCeCommand("INSERT INTO [User](uname, upass) VALUES('" & name & "','" & getMD5Hash(pass) & "');", connStr)
connStr.Open()
cmd.ExecuteNonQuery()
connStr.Close()
MessageBox.Show("User Created!")
Exit Sub
Else
MessageBox.Show("Passwords donot match!!")
Exit Sub
End If
End Sub
两个解决方案的组合给出了问题的解决方案! 谢谢你们两位:)
此致 Priyabrata
答案 0 :(得分:2)
查询中的大问题
首先,USER是reserved keyword。如果要使用它,则需要使用方括号将其封装。然后,当您尝试连接字符串以构建Sql命令时,您会遇到问题。相反,您应该使用参数化查询。最后,打开Using statement中包含的连接。通过这种方式,您可以确保连接将被关闭,并且在异常的情况下也是DISPOSED(这也适用于SqlCeCommand)。
所以,我会改为写
Dim pwd = getMD5Hash(pass)
Dim cmdText = "INSERT INTO [User] (uname, upass) VALUES (@name, @pwd)"
Using connStr As New SqlCeConnection(......)
Using cmd As New SqlCeCommand(cmdText, connStr)
cmd.Parameters.AddWithValue("@name", name)
cmd.Parameters.AddWithValue("@pwd", pwd)
connStr.Open()
cmd.ExecuteNonQuery()
End Using
End Using
答案 1 :(得分:1)
如果 uname,upass 列string/varchar尝试在插入操作期间在值周围添加引号char('):
Dim cmd As New SqlCeCommand("INSERT INTO User(uname, upass) VALUES('" & name & "','" & getMD5Hash(pass) & "');", connStr)
所以你的查询应该成为:
INSERT INTO User(uname, upass) VALUES('abcd','827ccb0eea8a706c4c34a16891f84e7b');