2016-09-28 61 views
1

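Visual Studio local database, check if Boolean is true

First-time poster here.. I've been stuck on this problem for a while. This code checks whether the username and password combination exists, and if it does, it redirects to a new form. The problem is, I also want to check whether a bit value is true or false, and if it is, redirect to another page. I just don't know how.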

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click 
    Dim connection As New SqlClient.SqlConnection 
    Dim command As New SqlClient.SqlCommand 
    Dim myData As SqlClient.SqlDataReader 
    Dim Dataset As New DataSet 
    Dim adaptor As New SqlClient.SqlDataAdapter 
    connection.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\NewFolder1\Members.mdf;Integrated Security=True") 
    command.CommandText = "SELECT * FROM [User] WHERE username = '" & TextBox1.Text & "' AND password= '" & TextBox2.Text & "';" 
    connection.Open() 
    command.Connection = connection 
    adaptor.SelectCommand = command 
    adaptor.Fill(Dataset, 0) 
    myData = command.ExecuteReader 

    If Not myData.HasRows Then 
     TextBox1.Clear() 
     TextBox2.Clear() 
     MsgBox("Forkert login, prøv igen") 
    ElseIf myData.HasRows Then 
     Me.Hide() 
     LoggetInd.Show() 
    End If 
End Sub 
+0

Does the value of the bit (true/false) change which page is redirected to, or is it just an extra check? –

+1

Don't store passwords as plain text. Hash them. Also use SQL parameters - a user named D'Artagnan will crash your app – Plutonix

+0

The value of the bit will change the page that is being redirected to, yes – Drax

Answers

0

Here's what you can do:

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click 
    Dim connection As New SqlClient.SqlConnection 
    Dim command As New SqlClient.SqlCommand 
    Dim myData As SqlClient.SqlDataReader 
    connection.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\NewFolder1\Members.mdf;Integrated Security=True") 
    'Don't use SELECT *, call out the columns you want by name, in the order you want them 
    command.CommandText = "SELECT Username, Password, Bit1 FROM [User] WHERE username = '" & TextBox1.Text & "' AND password= '" & TextBox2.Text & "';" 
    connection.Open() 
    command.Connection = connection 
    myData = command.ExecuteReader(CommandBehavior.CloseConnection) 
    Dim dbUsername As String, dbPassword As String, dbBit1 As Boolean 
    If myData.Read Then 
     'Access the data in the datareader using a 0-based index 
     'Be careful as this requires you to know the datatype in the database 
     'If you have a 64bit integer stored in the database, 
     'you can't call GetInt32, you have to call GetInt64. 
     dbUsername = myData.GetString(0) 
     dbPassword = myData.GetString(1) 
     dbBit1 = myData.GetBoolean(2) 
    End If 
    'Don't forget to Close all your DataReaders 
    myData.Close() 
    If dbUsername = "" Then 
     TextBox1.Clear() 
     TextBox2.Clear() 
     MsgBox("Forkert login, prøv igen") 
    Else 
     If dbBit1 Then 
      'Redirect as needed 
     Else 
      Me.Hide() 
      LoggetInd.Show() 
     End If 
    End If 
End Sub 

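Plutonix is correct, you need to use a hash to encrypt/store your passwords. You also need to use SQL parameters. The current approach is a SQL injection playground, among other things.

Close all your DataReaders once you are done with them; if you don't, you will have open SQL connections all over the place. When you call ExecuteReader, be sure to use CommandBehavior.CloseConnection. This automatically closes the connection after you close the DataReader.

This will hopefully get your code working, but you need to make other changes for security and stability.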

-E
