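I have the following code, which is meant to show a different page depending on the login credentials. For example, logging in as an admin should show AdminPanel, and logging in as anyone else should show UserPanel. The problem is that no matter who you log in as, it shows UserPanel.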
    Try
        Dim connection As New SqlClient.SqlConnection
        Dim command As New SqlClient.SqlCommand
        Dim adaptor As New SqlClient.SqlDataAdapter
        Dim dataset As New DataSet
        connection.ConnectionString = ("Data Source=.\SQLEXPRESS;Initial Catalog=FSMembers;Integrated Security=True;Pooling=False")
        command.CommandText = "select * from [users] where username='" & UsernameTextBox.Text & "' and password ='" & PasswordTextBox.Text & "' and Position='admin or user' "
        connection.Open()
        command.Connection = connection
        adaptor.SelectCommand = command
        adaptor.Fill(dataset, "0")
        Dim count = dataset.Tables(0).Rows.Count
        If count < 1 Then
            UserPanel.Show()
            Me.Hide()
        ElseIf count > 1 Then
            AdminPanel.Show()
            Me.Hide()
        Else
            MsgBox("You have inserted invalid Login details." & vbNewLine & "Please try again!", MsgBoxStyle.Critical, "Login Failed | FS Members")
            UsernameTextBox.Clear()
            PasswordTextBox.Clear()
        End If
    Catch ex As System.Data.SqlClient.SqlException
        MsgBox(ex.Message)
    End Try
Hopefully someone can point me in the right direction here.
Thanks, Dan
Answer 0: (score: 0)
Do it like this:
    Try
        Dim connection As New SqlClient.SqlConnection
        Dim command As New SqlClient.SqlCommand
        ' Same connection string as in the question
        connection.ConnectionString = "Data Source=.\SQLEXPRESS;Initial Catalog=FSMembers;Integrated Security=True;Pooling=False"
        ' Fetch only the Position column of the row matching the credentials
        command.CommandText = "SELECT Position from [users] WHERE username='" & UsernameTextBox.Text & "' and password ='" & PasswordTextBox.Text & "'"
        connection.Open()
        command.Connection = connection
        ' ExecuteScalar returns Nothing when no row matches
        Dim Res = command.ExecuteScalar()
        If Res IsNot Nothing Then
            If Res.ToString().ToLower() <> "admin" Then
                UserPanel.Show()
                Me.Hide()
            Else
                AdminPanel.Show()
                Me.Hide()
            End If
        Else
            MsgBox("You have inserted invalid Login details." & vbNewLine & "Please try again!", MsgBoxStyle.Critical, "Login Failed | FS Members")
            UsernameTextBox.Clear()
            PasswordTextBox.Clear()
        End If
    Catch ex As System.Data.SqlClient.SqlException
        MsgBox(ex.Message)
    End Try
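I am writing this in the SO editor, so there may be minor typos. Most importantly, what I want you to understand is that building the query this way exposes your application to SQL injection attacks. You should consider creating a stored procedure for it, or using some application-level method to send parameters to the query, rather than concatenating the text box values into a string.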
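Added example (not part of the original answer or the asker's project): the same login lookup with the text box values sent as SqlParameter objects instead of being concatenated into the SQL text, which is the application-level approach the answer above recommends. The names LoginForm, LoginButton and LookupPosition and the NVarChar(50) parameter sizes are assumptions; the table, columns and connection string are the ones in the question.

```vb
Imports System.Data
Imports System.Data.SqlClient

Public Class LoginForm   ' assumed form name
    ' Connection string taken from the question.
    Private Const ConnStr As String =
        "Data Source=.\SQLEXPRESS;Initial Catalog=FSMembers;Integrated Security=True;Pooling=False"

    ' Returns the Position of the matching row, or Nothing when no row matches.
    Private Function LookupPosition(username As String, password As String) As String
        Using connection As New SqlConnection(ConnStr)
            Using command As New SqlCommand(
                "SELECT Position FROM [users] WHERE username = @username AND password = @password",
                connection)
                ' The values travel as typed parameters, so a quote typed into a
                ' text box stays data and never becomes part of the SQL statement.
                ' NVarChar(50) is an assumed column type and size.
                command.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username
                command.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password
                connection.Open()
                Dim res As Object = command.ExecuteScalar()
                ' Nothing = no matching row; DBNull = row exists but Position is NULL.
                If res Is Nothing OrElse res Is DBNull.Value Then Return Nothing
                Return res.ToString()
            End Using
        End Using
    End Function

    ' LoginButton is an assumed control name.
    Private Sub LoginButton_Click(sender As Object, e As EventArgs) Handles LoginButton.Click
        Try
            Dim position = LookupPosition(UsernameTextBox.Text, PasswordTextBox.Text)
            If position Is Nothing Then
                MsgBox("You have inserted invalid Login details." & vbNewLine & "Please try again!", MsgBoxStyle.Critical, "Login Failed | FS Members")
                UsernameTextBox.Clear()
                PasswordTextBox.Clear()
            ElseIf String.Equals(position.Trim(), "admin", StringComparison.OrdinalIgnoreCase) Then
                AdminPanel.Show()
                Me.Hide()
            Else
                UserPanel.Show()
                Me.Hide()
            End If
        Catch ex As SqlException
            MsgBox(ex.Message)
        End Try
    End Sub
End Class
```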
Answer 1: (score: 0)
Sorted. I changed the following:
    If Res IsNot Nothing Then
        If Res.ToString().ToLower() <> "admin" Then
            UserPanel.Show()
            Me.Hide()
        Else
            AdminPanel.Show()
            Me.Hide()
        End If
To:
    If Res IsNot Nothing Then
        If Res.ToString().ToLower() <> "admin" Then
            AdminPanel.Show()
            Me.Hide()
        Else
            UserPanel.Show()
            Me.Hide()
        End If
It works now. Thank you very much. I really appreciate your help.