这是我的代码并且不断出现错误
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim connection As New OleDbConnection("Provider = Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Database1.accdb")
Dim dataread As OleDbDataReader
Dim f2 As New Form2
Dim com As OleDbCommand
connection.Open()
com = New OleDbCommand("SELECT * FROM User WHERE usr_name='" & TextBox2.Text & "' AND password='" & TextBox1.Text & "'", connection)
dataread = com.ExecuteReader()
If dataread.HasRows = True Then
Me.Hide()
f2.Show()
End If
dataread.Close()
dataread.Close()
connection.Close()
End Sub
答案 0 :(得分:3)
要修复的第一件事是User
表名和Password
列名。用户和密码均为reserved words in Access Jet-SQL,您需要使用方括号。然后在构建查询时出现字符串连接问题。这导致解析错误和Sql注入(尽管在MS-Access中实现起来不太容易)。无论如何总是使用参数化查询,准确指定传递的参数的数据类型是什么,而不会在数据库端“猜测那是什么”。
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Using connection = New OleDbConnection("Provider = Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Database1.accdb")
Using com = New OleDbCommand("SELECT * FROM [User] " & _
"WHERE usr_name=@name " & _
"AND [password]=@pwd", connection)]
connection.Open()
com.Parameters.Add("@name", OleDbType.VarWChar).Value = TextBox1.Text
com.Parameters.Add("@pwd", OleDbType.VarWChar).Value = TextBox2.Text
Using dataread = com.ExecuteReader()
If dataread.HasRows = True Then
Dim f2 As New Form2
Me.Hide()
f2.Show()
End If
End Using
End Using
End Using
End Sub
最后考虑从安全角度来看,将密码以明文形式存储在数据库表中是一种非常糟糕的做法。此外,MS-Access等基于文件的数据库。只需查看您的表格即可显示您的用户密码。该网站回答了很多关于storing passwords on databases的问题。