An exception of type 'System.InvalidOperationException' occurred in System.Data.dll

Time: 2017-12-16 04:34:07

Tags: vb.net

This is my code. Please help me solve this, thanks!

  

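An exception of type 'System.InvalidOperationException' occurred in System.Data.dll but was not handled in user code. Additional information: ExecuteReader requires an open and available Connection. The connection's current state is closed.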

Imports System.Data.SqlClient
Partial Class Staff
    Inherits System.Web.UI.Page

    ' Dim conn As New SqlConnection("Data Source=USER-PC\SQLEXPRESS;Initial Catalog=carrental;Integrated Security=True;Pooling=False")
    Dim con As New Data.SqlClient.SqlConnection
    Dim cmd As New Data.SqlClient.SqlCommand
    Dim dr As Data.SqlClient.SqlDataReader

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Try
            con.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\user\Desktop\oh manisku\PROJECT ABIS\project baru\project baru\App_Data\order.mdf;Integrated Security=True;Connect Timeout=30")
            con.Open()


        Catch ex As Exception
            '  MsgBox(ex.Message)
        End Try
    End Sub
    Protected Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
        cmd.CommandText = ("Select Username, Password from Admin WHERE Username ='" & txtusername.Text & "'   and Password = '" & txtPass.Text) & "' "
        cmd.Connection = con
        dr = cmd.ExecuteReader

        con.Close()
        If dr.HasRows Then

            MsgBox("Succesfully Login")
            Response.Redirect("recalled.aspx")

        Else
            MsgBox("Invalid Username and Password")

        End If
    End Sub
    Private Sub btnReset_Click(sender As Object, e As EventArgs) Handles btnReset.Click


    End Sub

    Protected Sub SqlDataSource1_Selecting(sender As Object, e As SqlDataSourceSelectingEventArgs) Handles SqlDataSource1.Selecting

    End Sub
End Class

1 answer:

Answer 0: (score: 0)

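As I said in the comments, you are closing the connection before reading the data. You should move the connection close to after you have finished reading the data.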

Protected Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
    Dim con As New Data.SqlClient.SqlConnection
    con.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\user\Desktop\oh manisku\PROJECT ABIS\project baru\project baru\App_Data\order.mdf;Integrated Security=True;Connect Timeout=30")
    con.Open()
    cmd.CommandText = ("Select Username, Password from Admin WHERE Username ='" & txtusername.Text & "'   and Password = '" & txtPass.Text) & "' "
    cmd.Connection = con
    dr = cmd.ExecuteReader
    If dr.HasRows Then

        MsgBox("Succesfully Login")
        Response.Redirect("recalled.aspx")

    Else
        MsgBox("Invalid Username and Password")

    End If
    dr.Close() ' close the datareader
    con.Close() ' close the connection
End Sub
Private Sub btnReset_Click(sender As Object, e As EventArgs) Handles btnReset.Click


End Sub

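Calling ExecuteReader only opens a stream. If you close the connection, you close the stream. To use a phone analogy: it is like hanging up on someone and then trying to have a conversation.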

Please switch to using parameterized queries, because right now I can enter a username of ' OR 1 = 1 ; -- and I get full access to the first account in your system.

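Also, please look into ways to store passwords securely. You should never store passwords in plain text in a database, and you should never store them in a way that allows you to convert them back to the original user input. Passwords should be hashed with a salt. See here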