抱歉标题措辞不当,我是VB面向对象编程的新手,不知道该如何描述我遇到的问题!我正在尝试创建一个登录表单,它通过一个处理登录的类连接到MySQL。连接没有问题,但我在创建SQL命令以从数据库中读取数据时遇到了问题。这是SQLConnection类:
Imports MySql.Data.MySqlClient
Imports System.Threading
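''' <summary>
''' Holds the settings for a MySQL connection (server, database, user, password)
''' and opens a connection that is shared by every instance of the class.
''' </summary>
Public Class SQLConnection
    ' Shared state: one connection and one command object for the whole
    ' application, regardless of how many SQLConnection instances exist.
    Private Shared cn As New MySqlConnection
    Private Shared commandstring As New MySqlCommand

    ''' <summary>Host name or address of the MySQL server.</summary>
    Public Property Server As String

    ''' <summary>Name of the database (schema) to use.</summary>
    Public Property Database As String

    ''' <summary>Account name used to authenticate against the server.</summary>
    Public Property User As String

    ''' <summary>Password for <see cref="User"/>; held in memory as plain text.</summary>
    Public Property Password As String

    ''' <summary>
    ''' Gets or sets the shared command object. Although this is an instance
    ''' property, it reads and writes the Shared field, so every instance sees
    ''' the same command.
    ''' </summary>
    Public Property command As MySqlCommand
        Get
            Return commandstring
        End Get
        Set(ByVal value As MySqlCommand)
            commandstring = value
        End Set
    End Property

    ''' <summary>
    ''' The shared connection. It is Private, so code outside this class cannot
    ''' pass it to a MySqlCommand.
    ''' </summary>
    Private Shared ReadOnly Property Conn As MySqlConnection
        Get
            Return cn
        End Get
    End Property

    ''' <summary>
    ''' Opens the shared connection using the settings stored on <paramref name="obj"/>.
    ''' </summary>
    ''' <param name="obj">Instance carrying Server, Database, User and Password.</param>
    ''' <returns>True when the connection was opened; False on any failure.</returns>
    Public Shared Function TryConn(ByVal obj As SQLConnection) As Boolean
        Try
            ' Build the connection string with the provider's builder instead of
            ' concatenating "key=value;" text: the builder quotes each value, so a
            ' ';' or '=' inside a setting cannot add or override other keys.
            Dim builder As New MySqlConnectionStringBuilder()
            builder.Server = obj.Server
            builder.Database = obj.Database
            builder.UserID = obj.User
            builder.Password = obj.Password

            ' Release the previous shared connection before replacing it so that
            ' repeated calls do not leak open connections.
            If cn IsNot Nothing Then
                cn.Dispose()
            End If

            ' A newly constructed connection is always closed, so it can be
            ' opened without checking its state first.
            cn = New MySqlConnection(builder.ConnectionString)
            cn.Open()
            Return True
        Catch ex As Exception
            ' Keep the "return False on failure" contract, but leave a trace of
            ' the reason and do not keep a half-configured connection (and its
            ' credentials) around.
            System.Diagnostics.Debug.WriteLine("SQLConnection.TryConn failed: " & ex.Message)
            If cn IsNot Nothing Then
                cn.Dispose()
            End If
            cn = New MySqlConnection
            Return False
        End Try
    End Function
End Class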
以下是登录表单代码段:
' Login handler excerpt: fills in a SQLConnection, opens it through TryConn and
' then counts the rows of `users` that match the typed user name and password.
Try
Dim Conn As New SQLConnection
Dim reader As MySqlDataReader
With Conn
.Server = "localhost"
' NOTE(review): the form connects as root with an empty password, both
' hard-coded here; a dedicated low-privilege account kept outside the source
' would limit what a compromised login form can reach.
.Password = ""
.User = "root"
.Database = "customers"
End With
If SQLConnection.TryConn(Conn) = True Then
Dim Query As String
' SECURITY: String.Format pastes both text boxes straight into the SQL text, so
' quote characters typed by the user become part of the statement (SQL
' injection). Bind the values as parameters instead of formatting them in.
' The WHERE clause also compares the Password column with the typed text, which
' implies that passwords are stored in plain text.
Query = String.Format("SELECT * FROM users WHERE Username = '{0}' AND Password = '{1}'", Me.UsernameTextBox.Text.Trim(), Me.PasswordTextBox.Text.Trim())
' This is the line behind the reported error: Conn is the SQLConnection wrapper
' declared above, while MySqlCommand expects a MySqlConnection here.
' `sql` is not declared anywhere in this excerpt.
sql = New MySqlCommand(Query, Conn)
' The reader is never closed or disposed in this excerpt.
reader = sql.ExecuteReader
Dim count As Integer
count = 0
' Count the matching rows; exactly one match is treated as a successful login.
While reader.Read
count = count + 1
End While
If count = 1 Then
Me.Hide()
sqlloading.Show()
ElseIf count > 1 Then
errorform.FlatAlertBox1.Text = "Username and password are duplicate"
errorform.Show()
Else
errorform.FlatAlertBox1.Text = "Wrong username or password"
errorform.Show()
End If
' Runs after every branch, so the login form is hidden on failure as well.
Me.Hide()
Else
' A failed connection attempt is ignored: nothing is shown to the user.
End If
Catch
' Empty Catch: every exception, database errors included, is discarded.
End Try
运行时我得到了以下错误:
“类型'WindowsApplication1.SQLConnection'的值无法转换为'MySql.Data.MySqlClient.MySqlConnection'。”
答案 0 :(得分:1)
导致错误消息的问题似乎在这一行:
sql = New MySqlCommand(Query, Conn)
这里的Conn是SQLConnection类型的实例,但该参数必须是MySql.Data.MySqlClient.MySqlConnection的实例,而您已将后者创建为SQLConnection的私有属性。
您需要进行一些更改:
- 将SQLConnection的Conn属性和TryConn方法改为普通的非共享成员。
- 使cn字段不再共享。
- 让SQLConnection类实现IDisposable,确保在释放该对象时一并释放cn。
(要让下面代码中的Conn.Conn能够编译,Conn属性还必须能从类外部访问,而不能是Private。)
将登录表单代码块更改为以下内容:
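' Login check with a parameterized query. This snippet relies on the changes
' listed in the answer: SQLConnection implements IDisposable (required by
' Using) and exposes its MySqlConnection through an accessible Conn property.
Try
    Using Conn As New SQLConnection
        With Conn
            .Server = "localhost"
            ' NOTE(review): root with an empty password is hard-coded here; a
            ' dedicated low-privilege account kept outside the source would be
            ' safer.
            .Password = ""
            .User = "root"
            .Database = "customers"
        End With

        If SQLConnection.TryConn(Conn) = True Then
            ' The SQL text is a constant; user input is only ever bound to
            ' @username/@password and never becomes part of the statement.
            ' NOTE(review): the Password column is still compared with the typed
            ' text, i.e. passwords are stored in plain text.
            Const Query As String = "SELECT * FROM users WHERE Username = @username AND Password = @password"

            ' The line below fixes the error.
            Using sql As MySqlCommand = New MySqlCommand(Query, Conn.Conn)
                sql.Parameters.AddWithValue("@username", Me.UsernameTextBox.Text.Trim())
                sql.Parameters.AddWithValue("@password", Me.PasswordTextBox.Text.Trim())

                Using reader As MySqlDataReader = sql.ExecuteReader
                    ' Count the matching rows; exactly one match is a successful login.
                    Dim count As Integer
                    count = 0
                    While reader.Read
                        count = count + 1
                    End While

                    If count = 1 Then
                        Me.Hide()
                        sqlloading.Show()
                    ElseIf count > 1 Then
                        errorform.FlatAlertBox1.Text = "Username and password are duplicate"
                        errorform.Show()
                    Else
                        errorform.FlatAlertBox1.Text = "Wrong username or password"
                        errorform.Show()
                    End If

                    ' Runs after every branch, so the login form is hidden on
                    ' failure as well.
                    Me.Hide()
                End Using
            End Using
        End If
    End Using
Catch ex As Exception
    ' Record the failure instead of discarding it, so database and connection
    ' errors can be diagnosed.
    System.Diagnostics.Debug.WriteLine("Login check failed: " & ex.ToString())
End Try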
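这将解决您眼前的问题,但仍有改进空间。不要像下面这样自己拼接SQL:
Query = String.Format("SELECT * FROM users WHERE Username = '{0}' AND Password = '{1}'", Me.UsernameTextBox.Text.Trim(), Me.PasswordTextBox.Text.Trim())
您应该使用SQL参数来防止SQL注入攻击,原因请参阅Little Bobby Tables的故事。我已更新上面的代码段来改进这一点。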
最后一点:您现在将密码以未加密的纯文本形式存储在数据库中,这被认为是不安全的。密码应始终以受保护的形式存储和传输;更准确地说,存储时应使用加盐的单向哈希(而不是可逆加密),传输时应使用加密连接。
答案 1 :(得分:0)
您的 Dim Conn As New SQLConnection 使用的是SQLConnection类。
如果您使用的是MySQL,请尝试查看这个示例(Here is a demo)。
答案 2 :(得分:0)
我将登录表单中的整个函数移到了SQLConnection类中,然后使用以下代码调用它:
Try
' Login handler after the query logic was moved into the connection class:
' the form only supplies the settings and reacts to the Boolean result.
' sqltryclass and TryLogin are not shown on this page.
Dim Conn As New sqltryclass
With Conn
.Server = "localhost"
' NOTE(review): root with an empty password is still hard-coded in the form.
.Password = ""
.User = "root"
.Database = "adminapp"
End With
If sqltryclass.TryLogin(Conn) = True Then
Me.Hide()
sqlloading.Show()
Else
' A failed login is ignored here: no message is shown to the user.
End If
Catch
' Empty Catch: every exception raised above is discarded.
End Try