我正在使用Language vb.net在Visual Basic 2010上创建一个应用程序,我想知道允许用户创建和编辑他们的信息到数据库是否安全,所以我不必为此做我自己每个人。
数据库结构(列): ID 会员 用户名 密码 电子邮件
这只是列出所有已注册的用户:
MySQLCon = New MySqlConnection
'Replaced info below for security purposes.
MySQLCon.ConnectionString = "Database=localhost;Data Source=sql3.freesqldatabase.com;User Id=user;Password=password"
Dim SDA As New MySqlDataAdapter
Dim dbDataSet As New DataTable
Dim bSource As New BindingSource
Dim command As MySqlCommand
Try
MySQLCon.Open()
Dim Query As String
Query = "SELECT member FROM members"
command = New MySqlCommand(Query, MySQLCon)
SDA.SelectCommand = command
SDA.Fill(dbDataSet)
bSource.DataSource = dbDataSet
vagueMembers.DataSource = bSource
SDA.Update(dbDataSet)
MySQLCon.Close()
MySQLCon.Dispose()
Catch ex As MySqlException
'Nothing
End Try
这是我用来直接从应用程序插入一个新成员。
Dim SQLStatement As String = "INSERT INTO members(member) VALUES('" & memberToAdd.Text & "')"
submitRequest(SQLStatement)
我再问一遍,允许新客户使用第二个代码块创建信息是否安全?
P.S。这是一个(WinForms)。