我已经解决了这个问题:
Imports System.ComponentModel
Imports System.Data.SqlClient
Public Class Form1
Dim MyConnection As SqlConnection = New SqlConnection("Server=DESKTOP-I0N45MV\SQL2012;Database=user;uid=;pwd=")
Dim MyDataAdapter As New SqlDataAdapter()
Dim MyDataAdapter1 As New SqlDataAdapter()
Dim Result As String
Dim Result1 As String
Private Sub login_Click(sender As Object, e As EventArgs) Handles login.Click
MyDataAdapter.SelectCommand = New SqlCommand()
MyDataAdapter1.SelectCommand = New SqlCommand()
MyDataAdapter.SelectCommand.Connection = MyConnection
MyDataAdapter1.SelectCommand.Connection = MyConnection
MyDataAdapter.SelectCommand.CommandText = "Select Username From users WHERE Username ='" & user_.Text & "'"
MyDataAdapter1.SelectCommand.CommandText = "Select Password From users WHERE Password ='" & pass_.Text & "'"
MyConnection.Open()
Result = MyDataAdapter.SelectCommand.ExecuteScalar()
Result1 = MyDataAdapter1.SelectCommand.ExecuteScalar()
MyConnection.Close()
答案 0 :(得分:0)
首先不要使用此:
MyDataAdapter.SelectCommand.CommandText = "SELECT Username FROM users WHERE Username ='" & user_.Text & "'"
因为它会让您的代码通过SQL注入进行注入,所以请改用stored procedure或parameterized queries。
其次我不明白为什么要使用两个查询。
你不能只使用像SELECT Username FROM users WHERE Username = 'foo' AND Password = 'bar'
之类的那样做,然后只使用这个查询的结果吗?
第三,我建议您将连接字符串作为参数传递给项目。如果您要对WinForms
项目进行编码,则可以像下面这样进行访问:Dim connection As New SqlConnection(My.Settings.connectionString)
最后,因为那是你问的,你的连接字符串应该是这样的
Server=YourServerName;Database=YourDBName;Trusted_Connection=True;
。
如果您在SQL Server上使用Windows身份验证,如果您使用用户名和密码进行身份验证,它应该像Server=myServerAddress;Database=myDataBase;User Id=myUsername;
Password=myPassword;
一样远程查看。