其他信息:用户登录失败''。 SQL Server 2012

时间:2016-09-19 05:59:31

标签: sql sql-server vb.net ssrs-2012

我已经解决了这个问题:

enter image description here 

Imports System.ComponentModel
Imports System.Data.SqlClient

Public Class Form1
    Dim MyConnection As SqlConnection = New SqlConnection("Server=DESKTOP-I0N45MV\SQL2012;Database=user;uid=;pwd=")
    Dim MyDataAdapter As New SqlDataAdapter()
    Dim MyDataAdapter1 As New SqlDataAdapter()
    Dim Result As String
    Dim Result1 As String

    Private Sub login_Click(sender As Object, e As EventArgs) Handles login.Click
        MyDataAdapter.SelectCommand = New SqlCommand()
        MyDataAdapter1.SelectCommand = New SqlCommand()

        MyDataAdapter.SelectCommand.Connection = MyConnection
        MyDataAdapter1.SelectCommand.Connection = MyConnection
        MyDataAdapter.SelectCommand.CommandText = "Select Username From users WHERE Username ='" & user_.Text & "'"
        MyDataAdapter1.SelectCommand.CommandText = "Select Password From users WHERE Password ='" & pass_.Text & "'"
        MyConnection.Open()
        Result = MyDataAdapter.SelectCommand.ExecuteScalar()
        Result1 = MyDataAdapter1.SelectCommand.ExecuteScalar()
        MyConnection.Close()

1 个答案:

答案 0 :(得分:0)

首先不要使用此:
MyDataAdapter.SelectCommand.CommandText = "SELECT Username FROM users WHERE Username ='" & user_.Text & "'"因为它会让您的代码通过SQL注入进行注入,所以请改用stored procedureparameterized queries

其次我不明白为什么要使用两个查询。
你不能只使用像SELECT Username FROM users WHERE Username = 'foo' AND Password = 'bar'之类的那样做,然后只使用这个查询的结果吗?

第三,我建议您将连接字符串作为参数传递给项目。如果您要对WinForms项目进行编码,则可以像下面这样进行访问:Dim connection As New SqlConnection(My.Settings.connectionString)

最后,因为那是你问的,你的连接字符串应该是这样的 Server=YourServerName;Database=YourDBName;Trusted_Connection=True;
如果您在SQL Server上使用Windows身份验证,如果您使用用户名和密码进行身份验证,它应该像Server=myServerAddress;Database=myDataBase;User Id=myUsername; Password=myPassword;一样远程查看。

相关问题
最新问题