我正在用 VB.NET 做一个登录表单,MySQL 中有一张名为 user 的表。我想实现的是:用户只有在 user 表中 Administrator 列为 TRUE 且 Deleted 列为 FALSE 时才能登录。我已经试过了所有我知道的方法,但所有非管理员用户仍然可以登录……
用户表的结构如下:
+---------------+------------+---------+--------+---------+----------+---------------+---------+
| User_BannerID | FirstName | LastName | Email | Username | Password | Administrator | Deleted |
+---------------+------------+---------+--------+---------+----------+---------------+---------+
| | | | | | | | |
| | | | | | | | |
+---------------+------------+---------+--------+---------+----------+---------------+---------+
这是代码:
Imports MySql.Data.MySqlClient
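Public Class frmAdlogin

    ''' <summary>Cancel button: ends the application.</summary>
    Private Sub cmdCancel_Click(sender As System.Object, e As System.EventArgs) Handles cmdCancel.Click
        Application.Exit()
    End Sub

    ''' <summary>
    ''' Login button. The server, username and password typed into the form are used as the
    ''' MySQL login itself (the user table's Password column is never read here), so MySQL is
    ''' what checks the password; the SELECT below only adds the administrator/deleted gate.
    ''' frmAdmin is opened only when that SELECT returns a row.
    ''' </summary>
    Private Sub cmdLogin_Click(sender As System.Object, e As System.EventArgs) Handles cmdLogin.Click
        ' Build the connection string with the builder: values are quoted for us, so a ';' or '='
        ' typed into a text box cannot add or override connection-string keys the way plain
        ' concatenation would.
        Dim builder As New MySqlConnectionStringBuilder()
        builder.Server = txtServer.Text
        builder.UserID = txtUsername.Text
        builder.Password = txtPassword.Text
        builder.Database = "attendance"
        Dim myConnString As String = builder.ConnectionString

        ' NOTE(review): 'TRUE'/'FALSE' only match if the columns really hold those strings. If
        ' administrator/deleted are BIT or TINYINT(1), compare with 1 and 0 instead — in a numeric
        ' comparison MySQL coerces the string 'TRUE' to 0, which would let non-admins through.
        ' Confirm against the table definition.
        Dim sql As String = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username and administrator = 'TRUE' and deleted = 'FALSE' "

        Dim userId As String = Nothing

        Try
            ' Using disposes the connection and command on every path, including the exception
            ' path (the original only disposed inside Catch).
            Using conn As New MySqlConnection(myConnString)
                conn.Open()
                Using myCommand As New MySqlCommand(sql, conn)
                    myCommand.Parameters.Add("?Username", txtUsername.Text)
                    ' ExecuteScalar returns Nothing when no row matched. The original assigned
                    ' that straight to UserID and opened frmAdmin regardless, which is why a
                    ' non-admin got through.
                    Dim result As Object = myCommand.ExecuteScalar()
                    If result IsNot Nothing AndAlso result IsNot DBNull.Value Then
                        userId = result.ToString()
                    End If
                End Using
            End Using
        Catch myerror As MySqlException
            ' A wrong server address or bad credentials surface here from Open(); treated the
            ' same as "no matching row".
            userId = Nothing
        End Try

        If String.IsNullOrEmpty(userId) Then
            MessageBox.Show("Invalid login. Please Enter The Correct Server Address And Your Username Plus The Correct Password ")
            Return
        End If

        Dim AdminForm As New frmAdmin
        AdminForm.UserID = userId
        AdminForm.connectionString = myConnString
        AdminForm.Show()
        Me.Hide()
        ' NOTE(review): if this is the project's startup form and the shutdown mode is "when
        ' startup form closes", Me.Close() ends the whole application — confirm the project setting.
        Me.Close()
    End Sub

    ''' <summary>Form load: wires Enter/Escape to the buttons and masks the password box.</summary>
    Private Sub frmAdlogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Me.AcceptButton = cmdLogin
        Me.CancelButton = cmdCancel
        txtPassword.PasswordChar = "*"
    End Sub
End Class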
编辑(回复 BizApps):代码现在如下:
Imports MySql.Data.MySqlClient
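Public Class frmAdlogin

    ''' <summary>Cancel button: ends the application.</summary>
    Private Sub cmdCancel_Click(sender As System.Object, e As System.EventArgs) Handles cmdCancel.Click
        Application.Exit()
    End Sub

    ''' <summary>
    ''' Login button. The server, username and password typed into the form are used as the
    ''' MySQL login itself (the user table's Password column is never read here), so MySQL is
    ''' what checks the password; the SELECT below only adds the administrator/deleted gate.
    ''' frmAdmin is opened only when that SELECT returns a row.
    ''' </summary>
    Private Sub cmdLogin_Click(sender As System.Object, e As System.EventArgs) Handles cmdLogin.Click
        ' Build the connection string with the builder: values are quoted for us, so a ';' or '='
        ' typed into a text box cannot add or override connection-string keys the way plain
        ' concatenation would.
        Dim builder As New MySqlConnectionStringBuilder()
        builder.Server = txtServer.Text
        builder.UserID = txtUsername.Text
        builder.Password = txtPassword.Text
        builder.Database = "attendance"
        Dim myConnString As String = builder.ConnectionString

        ' NOTE(review): 'TRUE'/'FALSE' only match if the columns really hold those strings. If
        ' administrator/deleted are BIT or TINYINT(1), compare with 1 and 0 instead — in a numeric
        ' comparison MySQL coerces the string 'TRUE' to 0, which would let non-admins through.
        ' Confirm against the table definition.
        Dim sql As String = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username and administrator = 'TRUE' and deleted = 'FALSE' "

        Dim dt As New DataTable()

        Try
            ' Using disposes the connection, command and adapter on every path; this version
            ' never closed the connection when no row came back.
            Using conn As New MySqlConnection(myConnString)
                conn.Open()
                Using myCommand As New MySqlCommand(sql, conn)
                    myCommand.Parameters.Add("?Username", txtUsername.Text)
                    Using adapter As New MySqlDataAdapter(myCommand)
                        adapter.Fill(dt)
                    End Using
                End Using
            End Using
        Catch myerror As MySqlException
            ' This version had no Try/Catch, so a wrong server or password crashed the form
            ' from conn.Open(). Treat it as a failed login instead.
            dt.Clear()
        End Try

        If dt.Rows.Count = 0 Then
            MessageBox.Show("Invalid login. Please Enter The Correct Server Address And Your Username Plus The Correct Password ")
            Return
        End If

        ' The original declared UserID but never assigned it, so frmAdmin received Nothing;
        ' take it from the row the query returned.
        Dim UserID As String = dt.Rows(0)("user_bannerid").ToString()

        Dim AdminForm As New frmAdmin
        AdminForm.UserID = UserID
        AdminForm.connectionString = myConnString
        AdminForm.Show()
        Me.Hide()
        ' NOTE(review): if this is the project's startup form and the shutdown mode is "when
        ' startup form closes", Me.Close() ends the whole application — confirm the project setting.
        Me.Close()
    End Sub

    ''' <summary>Form load: wires Enter/Escape to the buttons and masks the password box.</summary>
    Private Sub frmAdlogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Me.AcceptButton = cmdLogin
        Me.CancelButton = cmdCancel
        txtPassword.PasswordChar = "*"
    End Sub
End Class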
答案 0 :(得分:1)
首先确认这条查询本身能否返回记录:
-- Sanity check to run by hand (replace 'myusername' with the username being tested):
-- a row must come back from this before the VB code can be expected to let that user in.
SELECT user_bannerid FROM user WHERE BINARY username ='myusername' and administrator = 'TRUE' and deleted = 'FALSE'
如果它返回了记录,再试试下面的代码:
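myCommand.Connection = conn
myCommand.CommandText = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username and administrator = 'TRUE' and deleted = 'FALSE' "
myCommand.Parameters.Add("?Username", txtUsername.Text)
Dim dt = New DataTable()
Dim adapter = New MySqlDataAdapter(myCommand)
adapter.Fill(dt)
' The connection is not needed once the table is filled; closing it here covers both
' branches (the snippet only closed it when a record was found).
conn.Close()
If dt.Rows.Count < 1 Then ' no record found (VB comments start with ', not //)
    MessageBox.Show("Invalid login. Please Enter The Correct Server Address And Your Username Plus The Correct Password ")
Else ' record found
    ' UserID is not set anywhere in this snippet before being handed to frmAdmin;
    ' read it from the row the query returned.
    UserID = dt.Rows(0)("user_bannerid").ToString()
    Dim AdminForm As New frmAdmin
    AdminForm.UserID = UserID
    AdminForm.connectionString = myConnString
    AdminForm.Show()
    Me.Hide()
    Me.Close()
End If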
此致
答案 1 :(得分:0)
由于我见过的大多数SQL数据库都将布尔值表示为0(false)和1(true),因此请尝试将sql语句更改为:
' Numeric 1/0 literals are the right comparison when administrator/deleted are stored as
' BIT or TINYINT(1) (the usual MySQL boolean representation); check the table's column
' types before switching, since a string column would need the 'TRUE'/'FALSE' form.
myCommand.CommandText = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username and administrator = 1 and deleted = 0"