SQL的

时间:2017-03-01 22:24:03

标签: c# asp.net vb.net login visual-studio-2015

所以我在vb.net上遇到了我的登录代码问题,并且想知道是否有人可以建议我的代码有什么问题?

我得到的错误是:

  

System.Data.dll中出现'System.Data.SqlClient.SqlException'类型的异常,但未在用户代码中处理

     

附加信息:数据类型text和varchar在等于运算符中不兼容。

代码。

Imports System.Data.SqlClient
Partial Class Login Inherits System.Web.UI.Page

    Protected Sub btnlogin_Click(sender As Object, e As EventArgs) Handles btnlogin.Click

        Dim conn As New SqlConnection
        Dim cmd As New SqlCommand
        Dim dr As SqlDataReader

        Dim LogEmail As String
        Dim LogPassword As String

        LogEmail = txtLogEmail.Text
        LogPassword = txtLogPword.Text

        conn.ConnectionString = "Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\User\Documents\Visual Studio 2015\WebSites\myAppointments\App_Data\Database.mdf;Integrated Security=True"
        cmd.Connection = conn
        conn.Open()
        cmd.CommandText = "SELECT EmailAddress, Password FROM PatientDetails WHERE EmailAddress = '" & txtLogEmail.Text & "' and Password = '" & txtLogPword.Text & "'"
        dr = cmd.ExecuteReader
        If dr.HasRows Then
            lblLogin.Text = "Login Successful!"
        Else
            lblLogin.Text = "Login Unsuccessful! :("
        End If

        conn.Close()

    End Sub

End Class

2 个答案:

答案 0 :(得分:0)

import React from 'react'; import ReactDOM from 'react-dom'; import { Router, Route, Link, browserHistory, IndexRoute } from 'react-router' import { CreateAccount } from './createaccount'; import { Menus } from './menu'; import { DiscoverApp } from './discover' import { northAmerica } from './northAmerica' import { southAmerica } from './southAmerica' import { europe } from './europe' import { africa } from './africa' import { asia } from './asiaME' import { australia } from './australia' import * as map from './jquery-jvectormap-2.0.3.min.js' import * as world from './jquery-jvectormap-world-mill-en.min.js' ReactDOM.render(( <Router history = {browserHistory}> <Route path="/" component={CreateAccount}/> <Route path="/menu" component={Menus}/> <Route path="/discover" component={DiscoverApp}/> <Route path="/NorthAmerica" component={northAmerica}/> <Route path="/SouthAmerica" component={southAmerica}/> <Route path="/Europe" component={europe}/> <Route path="/Asia" component={asia}/> <Route path="/Africa" component={africa}/> <Route path="/Australia" component={australia}/> </Router> ), document.getElementById('root')); 字段中的[EmailAddress]字段或[Password]字段很可能属于[PatientDetails]类型。您需要将基础数据类型更改为textvarchar才能使用此查询。

更重要的是,您的查询很容易受到SQL注入攻击,因为您既没有清理,也没有对这些输入进行清理,也没有参数化。想象一下,如果有人在用户名框中输入以下内容:

nvarchar

当您检查密码时,他们只是删除了整个表格...

答案 1 :(得分:0)

除了Tim所说的,EmailAddress或Password字段都没有理由是text类型。使用nvarchar(255)就足够了。

相关问题
最新问题