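Visual Studio local database, check whether a boolean value is true

Time: 2016-09-28 16:45:18

Tags: database vb.net

First-time poster here. I've been trying to figure this problem out for a while. This code checks whether a username and password combination exists and, if it does, redirects to a new form. The problem is that I also want to check whether a bit value is true or false, and if it is, redirect to another page as well. I just don't know how to do that.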

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    Dim connection As New SqlClient.SqlConnection
    Dim command As New SqlClient.SqlCommand
    Dim myData As SqlClient.SqlDataReader
    Dim Dataset As New DataSet
    Dim adaptor As New SqlClient.SqlDataAdapter
    connection.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\NewFolder1\Members.mdf;Integrated Security=True")
    command.CommandText = "SELECT * FROM  [User] WHERE username = '" & TextBox1.Text & "' AND password= '" & TextBox2.Text & "';"
    connection.Open()
    command.Connection = connection
    adaptor.SelectCommand = command
    adaptor.Fill(Dataset, 0)
    myData = command.ExecuteReader

    If Not myData.HasRows Then 
        TextBox1.Clear()
        TextBox2.Clear()
        MsgBox("Forkert login, prøv igen")
    ElseIf myData.HasRows Then
        Me.Hide()
        LoggetInd.Show()
    End If
End Sub

1 answer:

Answer 0 (score: 0)

Here is what you can do:

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    Dim connection As New SqlClient.SqlConnection
    Dim command As New SqlClient.SqlCommand
    Dim myData As SqlClient.SqlDataReader
    connection.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\NewFolder1\Members.mdf;Integrated Security=True")
    'Don't use SELECT *, call out the columns you want by name, in the order you want them
    command.CommandText = "SELECT Username, Password, Bit1 FROM  [User] WHERE username = '" & TextBox1.Text & "' AND password= '" & TextBox2.Text & "';"
    connection.Open()
    command.Connection = connection
    myData = command.ExecuteReader(CommandBehavior.CloseConnection)
    Dim dbUsername As String, dbPassword As String, dbBit1 As Boolean
    If myData.Read Then
        'Access the data in the datareader using a 0-based index
        'Be careful as this requires you to know the datatype in the database
        'If you have a 64bit integer stored in the database,
        'you can't call GetInt32, you have to call GetInt64.
        dbUsername = myData.GetString(0)
        dbPassword = myData.GetString(1)
        dbBit1 = myData.GetBoolean(2)
    End If
    'Don't forget to Close all your DataReaders
    myData.Close()
    If dbUsername = "" Then
        TextBox1.Clear()
        TextBox2.Clear()
        MsgBox("Forkert login, prøv igen")
    Else
        If dbBit1 Then
            'Redirect as needed
        Else
            Me.Hide()
            LoggetInd.Show()
        End If
    End If
End Sub

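Plutonix is right, you need to use a hash to encrypt/store your passwords. You also need to use SQL parameters. Your current approach is a SQL injection playground, among other things.

When you are done, call Close on all your DataReaders, otherwise you will have SQL connections left open all over the place. When you call ExecuteReader, be sure to use CommandBehavior.CloseConnection. This will automatically close the Connection once you close the DataReader.

This will hopefully get your code working, but you will need to make other changes for security and stability.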

-E
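
The parameterized query and hashed-password check that the answer recommends, as an added example that is not part of the original answer. The PasswordHash and PasswordSalt columns, the nvarchar(50) username size, the PBKDF2 iteration count and the LoginResult, CheckLogin and HashPassword names are assumptions; Bit1 is the answer's own placeholder column name.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Public Enum LoginResult
    Failed
    Member   ' credentials valid, Bit1 = False
    Flagged  ' credentials valid, Bit1 = True
End Enum
Public Module LoginCheck
    Private Const ConnStr As String =
        "Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\NewFolder1\Members.mdf;Integrated Security=True"
    ' Assumed columns: PasswordHash VARBINARY(32) NOT NULL, PasswordSalt VARBINARY(16) NOT NULL
    Private Const Sql As String =
        "SELECT PasswordHash, PasswordSalt, Bit1 FROM [User] WHERE username = @username;"
    Private Const Iterations As Integer = 100000 ' assumed PBKDF2 work factor

    Public Function CheckLogin(username As String, password As String) As LoginResult
        Using connection As New SqlConnection(ConnStr), command As New SqlCommand(Sql, connection)
            ' User input travels as a typed parameter, never as SQL text.
            command.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username
            connection.Open()
            Using reader As SqlDataReader = command.ExecuteReader()
                If Not reader.Read() Then Return LoginResult.Failed
                Dim storedHash = DirectCast(reader("PasswordHash"), Byte())
                Dim salt = DirectCast(reader("PasswordSalt"), Byte())
                If Not FixedTimeEquals(storedHash, HashPassword(password, salt)) Then
                    Return LoginResult.Failed
                End If
                Return If(reader.GetBoolean(2), LoginResult.Flagged, LoginResult.Member)
            End Using
        End Using ' disposes reader, command and connection on every return path
    End Function

    ' PBKDF2-HMAC-SHA256; this overload needs .NET Framework 4.7.2+ or .NET Core 2.0+
    Public Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    Private Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
End Module
```

In Button1_Click, call CheckLogin(TextBox1.Text, TextBox2.Text) and branch on the three results instead of reading the columns in the handler. At registration, store the output of HashPassword together with a fresh random 16-byte salt per user.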