当我使用我在VB.NET中开发的系统注册时,我有这个奇怪的问题,它不允许我使用我注册的正确用户名和密码登录(在登录表单中)。但是,当我在Access数据库中手动输入用户名和密码时,我设法登录没有任何问题。以下是我登录和注册的代码
登录
conn = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source= C:\Users\lenovo\Documents\Visual Studio 2012\Projects\SDP user interface\SDP user interface\bin\Debug\SCPdatabase.accdb")
conn.Open()
sql = "Select * FROM Members WHERE Username ='" & txtusername.Text & "' AND [Password] ='" & txtpassword.Text & " ' "
cmd = New OleDbCommand(sql, conn)
dr = cmd.ExecuteReader()
If dr.HasRows Then
MessageBox.Show("Login Success")
Me.Hide()
Member_Page.Show()
Member_Page.lblwelcome.Text = "Welcome" & txtusername.Text
Else
MessageBox.Show("Login Failed")
End If
dr.Close()
conn.Close()
注册
Dim flag As Integer
MyConn.Open()
sql = "Insert INTO Members (Username,[IC],Email,PhoneNumber,FullName,[Password],Newsletter) values (' " & txtusername3.Text & "','" & txtic3.Text & "','" & txtemail3.Text & "','" & txtphone3.Text & "','" & txtname3.Text & "', ' " & txtpwd3.Text & " ',' " & cmb3.Text & " ')"
cmd = New OleDbCommand(sql, MyConn)
flag = cmd.ExecuteNonQuery()
If flag > 0 Then
MessageBox.Show(flag & " records added", "Add Records Successful", MessageBoxButtons.OK, MessageBoxIcon.Information)
End If
MyConn.Close() 'closes the connection
请告知thnx
答案 0 :(得分:0)
您的INSERT语句正在为值添加空格字符:
' " & txtusername3.Text & "'
^--- here
和
' " & txtpwd3.Text & " '
^--- here ^--- here
等
但是当你从表格中选择时,你不会包含它们:
WHERE Username ='" & txtusername.Text & "' AND [Password] ='" & txtpassword.Text & " '
just here ---^
完全摆脱空白字符,因为他们会根据您对这些值的预期更改值。
或者,更好的是,使用query parameters,这样您就不必首先手动构建这些字符串值。 (并且,作为奖励,将关闭您当前拥有的巨大SQL注入漏洞。)