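First-time poster here.. I have been trying to figure out this problem for a while. This code checks whether a username and password combination exists and, if it does, redirects to a new form. The problem is that I also want to check whether a bit value is true or false, and if it is, redirect to another page as well. I just don't know how to do it.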
    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Dim connection As New SqlClient.SqlConnection
        Dim command As New SqlClient.SqlCommand
        Dim myData As SqlClient.SqlDataReader
        Dim Dataset As New DataSet
        Dim adaptor As New SqlClient.SqlDataAdapter
        connection.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\NewFolder1\Members.mdf;Integrated Security=True")
        command.CommandText = "SELECT * FROM [User] WHERE username = '" & TextBox1.Text & "' AND password= '" & TextBox2.Text & "';"
        connection.Open()
        command.Connection = connection
        adaptor.SelectCommand = command
        adaptor.Fill(Dataset, 0)
        myData = command.ExecuteReader
        If Not myData.HasRows Then
            TextBox1.Clear()
            TextBox2.Clear()
            MsgBox("Forkert login, prøv igen")
        ElseIf myData.HasRows Then
            Me.Hide()
            LoggetInd.Show()
        End If
    End Sub
Answer 0 (score: 0)
Here is what you can do:
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim connection As New SqlClient.SqlConnection
        Dim command As New SqlClient.SqlCommand
        Dim myData As SqlClient.SqlDataReader
        connection.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\NewFolder1\Members.mdf;Integrated Security=True")
        'Don't use SELECT *, call out the columns you want by name, in the order you want them
        command.CommandText = "SELECT Username, Password, Bit1 FROM [User] WHERE username = '" & TextBox1.Text & "' AND password= '" & TextBox2.Text & "';"
        connection.Open()
        command.Connection = connection
        myData = command.ExecuteReader(CommandBehavior.CloseConnection)
        Dim dbUsername As String, dbPassword As String, dbBit1 As Boolean
        If myData.Read Then
            'Access the data in the datareader using a 0-based index
            'Be careful as this requires you to know the datatype in the database
            'If you have a 64bit integer stored in the database,
            'you can't call GetInt32, you have to call GetInt64.
            dbUsername = myData.GetString(0)
            dbPassword = myData.GetString(1)
            dbBit1 = myData.GetBoolean(2)
        End If
        'Don't forget to Close all your DataReaders
        myData.Close()
        If dbUsername = "" Then
            TextBox1.Clear()
            TextBox2.Clear()
            MsgBox("Forkert login, prøv igen")
        Else
            If dbBit1 Then
                'Redirect as needed
            Else
                Me.Hide()
                LoggetInd.Show()
            End If
        End If
    End Sub
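Plutonix is right, you need to use hashing to encrypt/store your passwords. You also need to use SQL parameters. Your current approach is a SQL injection playground, among other things.
Call Close on all your DataReaders when you are done with them, otherwise you will have open SQL connections all over the place. When you call ExecuteReader, be sure to use CommandBehavior.CloseConnection. This will automatically close the Connection once you close the DataReader.
This should hopefully get your code working, but you'll need to make other changes for security and stability.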
-E