For my job I need a login page where admin-type accounts get a different view afterwards. In the MySQL Users table there is a field called admin, which is a TINYINT; if it is 1 the user should get the admin page, and if not they should get the standard homepage. How do I validate this? Here is the code I have written so far:

```vbnet
Sub Singnin_Click(sender As Object, e As EventArgs) Handles Singnin.Click
    Dim sql As New Odbc.OdbcCommand("select passwords from Users where Username = '" & Username.Text & "' and passwords = '" & Password.Text & "'", conn)
    Dim isadmin As New Odbc.OdbcCommand("select admin from Users where Username = '" & Username.Text & "' and passwords = '" & Password.Text & "'", conn)
    Dim admintrue As Boolean
    conn.Open()
    rs = sql.ExecuteReader
    If rs.Read() Then
        ad = isadmin.ExecuteReader
        If ad.Read() = "1" Then
            Admin_Menu.Show()
            Me.Close()
        ElseIf ad.Read() = "0"
            Homepage.Show()
            Me.Close()
        End If
        Password.Text = ""
        Username.Text = ""
        Me.Hide()
    Else
        MsgBox("incorrect username or password")
        Password.Text = ""
    End If
    conn.Close()
End Sub
```
Answer 0 (score: 1)

It depends on what you mean by validate? Your code will meet your requirements. A few suggestions: you can combine the two SQL queries into one, there is no need to run two separate queries, and you are also leaving yourself open to SQL injection. I would suggest using parameters or stored procedures instead of inline SQL queries.
```vbnet
' Requires Imports System.Data (for CommandType) at the top of the file.
Sub Singnin_Click(sender As Object, e As EventArgs) Handles Singnin.Click
    ' One parameterised query replaces the two concatenated ones.
    ' The ODBC provider binds parameters by position, so the placeholders
    ' are "?" and the parameters must be added in the same order.
    Dim sql As New Odbc.OdbcCommand("select admin from Users where Username = ? and passwords = ?", conn)
    'Dim isadmin As New Odbc.OdbcCommand("select admin from Users where Username = '" & Username.Text & "' and passwords = '" & Password.Text & "'", conn)
    Dim admintrue As Boolean
    conn.Open()
    sql.CommandType = CommandType.Text
    sql.Parameters.AddWithValue("@UserName", Username.Text) ' bound to the first ?
    sql.Parameters.AddWithValue("@Password", Password.Text) ' bound to the second ?
    rs = sql.ExecuteReader()
    If rs.Read() Then
        ' Read() only says that a row exists; the flag itself is in the row.
        ' admin is a TINYINT, so convert it to an integer before testing it.
        admintrue = (Convert.ToInt32(rs.Item("admin")) = 1)
        If admintrue Then
            Admin_Menu.Show()
            Me.Close()
        Else
            Homepage.Show()
            Me.Close()
        End If
        Password.Text = ""
        Username.Text = ""
        Me.Hide()
    Else
        MsgBox("incorrect username or password")
        Password.Text = ""
    End If
    rs.Close()
    conn.Close()
End Sub
```
Actually, I just found the error in the original code...

```vbnet
ad.Read() = "1"
```

That is why it always goes to the Admin screen. ad.Read returns True if a record exists; you need to put ad.Item("admin").
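As an added example (not code from the question or the answer), the same check factored into a reusable function that returns a three-way result, using the positional `?` placeholders the ODBC provider expects and reading the TINYINT `admin` flag from the row rather than from `Read()`. The `SignIn` function, the `SignInResult` enum and the NULL handling are assumptions beyond what the post shows; the table and column names are the question's.

```vbnet
Imports System.Data.Odbc
' Outcome of a sign-in attempt: no match, ordinary user, or admin (TINYINT admin = 1).
Public Enum SignInResult
    Rejected
    StandardUser
    Administrator
End Enum
' Hypothetical helper (not from the post). Assumes an already-open OdbcConnection
' and the Users table from the question (columns Username, passwords, admin TINYINT).
Public Function SignIn(conn As OdbcConnection, username As String, password As String) As SignInResult
    ' One query instead of two. The ODBC provider binds parameters by position,
    ' so the placeholders are "?" and AddWithValue must be called in the same order.
    Dim query As String = "SELECT admin FROM Users WHERE Username = ? AND passwords = ?"
    Using cmd As New OdbcCommand(query, conn)
        cmd.Parameters.AddWithValue("@username", username)   ' bound to the first ?
        cmd.Parameters.AddWithValue("@password", password)   ' bound to the second ?

        Using reader As OdbcDataReader = cmd.ExecuteReader()
            ' Read() only reports whether a row exists; it is never "1" or "0".
            If Not reader.Read() Then
                Return SignInResult.Rejected
            End If

            ' The flag is in the row. Treat NULL as "not admin" so the check fails closed,
            ' and convert the TINYINT explicitly instead of comparing it to a string.
            Dim ordinal As Integer = reader.GetOrdinal("admin")
            If reader.IsDBNull(ordinal) OrElse Convert.ToInt32(reader.GetValue(ordinal)) <> 1 Then
                Return SignInResult.StandardUser
            End If
            Return SignInResult.Administrator
        End Using
    End Using
End Function

' How the click handler would use it (Admin_Menu, Homepage and conn as in the question).
Sub Singnin_Click(sender As Object, e As EventArgs) Handles Singnin.Click
    conn.Open()
    Select Case SignIn(conn, Username.Text, Password.Text)
        Case SignInResult.Administrator
            Admin_Menu.Show()
            Me.Close()
        Case SignInResult.StandardUser
            Homepage.Show()
            Me.Close()
        Case Else
            MsgBox("incorrect username or password")
            Password.Text = ""
    End Select
    conn.Close()
End Sub
```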