Private Sub BtnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BtnLogin.Click
Dim sql As String
sql = " SELECT * FROM LoginDetails WHERE UsernameID = '" & TxtUsername.Text & "' AND Password = '" & TxtPassword.Text & "'"
ds = db.sqlSelect(sql)
Dim i As Integer
Dim Username As String = ds.Tables("LoginDetails").Rows(i)("UsernameID")
Dim Password As String = ds.Tables("LoginDetails").Rows(i)("Password")
''''''STUDENT LOGIN'''''''
If TxtUsername.Text = "" And TxtPassword.Text = "" Then
MsgBox("No username and password entered!")
ElseIf TxtUsername.Text = "" Then
MsgBox("No username entered!")
ElseIf TxtPassword.Text = "" Then
MsgBox("No password entered!")
End If
Username = TxtUsername.Text.ToLower
Password = TxtPassword.Text.ToLower
If TxtUsername.Text.ToLower = Username And TxtPassword.Text = Password Then
FrmMainMenu.Show()
Me.Hide()
FrmMainMenu.LblWelcome.Text = "Welcome " & ds.Tables("LoginDetails").Rows(i)("Student Name") & "!"
ElseIf TxtUsername.Text.ToLower = Username And TxtPassword.Text <> Password Then
MsgBox("Wrong password entered!")
End If
If TxtUsername.Text.ToLower <> Username And TxtPassword.Text <> Password Then
MsgBox("Wrong password or username!")
Else
End If
If Len(Username) <> 7 Then
MsgBox("Username must be exactly 7 characters long and must be in the following format: 1XlXXXX")
End If
If Len(Password) < 6 And Len(Password) > 30 Then
MsgBox("Password must be between 6 and 30 characters!")
End If
当我输入表格的正确详细信息时,无论何时输入错误的密码,它都会崩溃!
任何人都可以帮我解决这个问题吗?我一直收到这个错误!!!
IndexOutofRangeException未处理
位置0没有行。
指向代码:Dim Username As String = ds.Tables(“LoginDetails”)。Rows(i)(“UsernameID”)
以下是将代码链接到我的数据库的类:
Imports System.Data.OleDb
Public Class clsDBConnector
Dim con As New OleDbConnection
Dim dbProvider As String
Dim dbSource As String
Dim da As OleDbDataAdapter
Dim ds As New DataSet
Sub connect()
dbProvider = "PROVIDER=MICROSOFT.ACE.OLEDB.12.0;"
dbSource = "Data Source = E:\Computing\COMP4\Database.accdb "
con.ConnectionString = dbProvider & dbSource
con.Open()
End Sub
Function sqlSelect(ByVal sqlString As String)
da = New OleDbDataAdapter(sqlString, con)
da.Fill(ds, "LoginDetails")
Return ds
End Function
Sub reset()
ds.Reset()
End Sub
Sub SQLinsert(ByVal sql) 'inserts data into database
Dim da As New OleDbCommand(sql, Con)
da.ExecuteNonQuery()
End Sub
Function SQLupdate(ByVal sqlString As String)
da = New OleDbDataAdapter(sqlString, con)
da.Fill(ds, "LoginDetails")
Return ds
End Function
End Class
答案 0 :(得分:1)
第一个你做错的事情是存储纯文本密码。 从不存储纯文本密码。
第二个的事情是你全开到SQL注入攻击。使用parameterized queries。否则,您允许用户随意执行他们在数据库中喜欢的任何代码。
第三个是你在这里假设一个返回值:
sql = " SELECT * FROM LoginDetails WHERE UsernameID = '" & TxtUsername.Text & "' AND Password = '" & TxtPassword.Text & "'"
ds = db.sqlSelect(sql)
Dim i As Integer
Dim Username As String = ds.Tables("LoginDetails").Rows(i)("UsernameID")
Dim Password As String = ds.Tables("LoginDetails").Rows(i)("Password")
如果SELECT语句找不到任何值,则Rows(i)(i在这种情况下为0,因为这是Integer的默认值)不存在。在尝试访问之前,您需要检查Rows的计数。在这种情况下,从逻辑上讲,如果Rows.Count为0,则找不到用户名/密码组合的匹配项,因此登录失败。通知用户登录失败并停止执行其他任何操作。
你做错的第四次事情是存储纯文本密码。 Never store plain-text passwords.
答案 1 :(得分:0)
在SQL调用之后开始使用数据集之前,您应该检查是否收到了有效/任何数据。调用我包含的DataSet检查方法。如果返回false,则表示您的SQL返回了一个空DataSet。因此,您可以显示一条消息,说明无效的登录信息..
bool IsEmpty(DataSet dataSet)
{
foreach(DataTable table in dataSet.Tables)
{ if (table.Rows.Count != 0) return false; }
return true;
}
答案 2 :(得分:0)
每当您尝试从数据库中获取信息时,请执行以下操作:
If ds.tables("MyTable").rowsCount > 0 then
// Do the stuff
Else
// There is no information on the table
End If