我正在玩数据库,今天我试图使用SQLCompactEdition数据库,我创建了一个名为UserDB的本地数据库,并在其中有一个名为User的表。VB.NET中的SQLCe数据库抛出异常,同时在表中插入数据
我已经使用我的应用程序(这是另一个数据库)登录到管理员,并通过管理员,我正在创建一个用户。我曾经为宗旨
代码是:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim connStr As New SqlCeConnection("Data Source=c:\users\babi\documents\visual studio 2012\Projects\ShopManagement\ShopManagement\" & "User\UserDB.sdf; Password =")
Dim name, pass, repass As String
name = TextBox1.Text
If (name.Length = 0) Then
MessageBox.Show("Enter user-name!!")
Exit Sub
End If
pass = TextBox2.Text
If (pass.Length = 0) Then
MessageBox.Show("Enter password!!")
Exit Sub
End If
repass = TextBox3.Text
If (repass.Length = 0) Then
MessageBox.Show("Re-enter password!!")
Exit Sub
End If
If (getMD5Hash(pass) = getMD5Hash(repass)) Then
Dim cmd As New SqlCeCommand("INSERT INTO User(uname, upass)VALUES(" & name & "," & getMD5Hash(pass) & ");", connStr)
connStr.Open()
cmd.ExecuteNonQuery()
connStr.Close()
MessageBox.Show("User Created!")
Exit Sub
Else
MessageBox.Show("Passwords donot match!!")
Exit Sub
End If
End Sub
当我调试,我发现查询字符串是:
"INSERT INTO User(uname, upass)VALUES(abcd,827ccb0eea8a706c4c34a16891f84e7b);"
发生是例外:
An unhandled exception of type 'System.Data.SqlServerCe.SqlCeException' occurred in System.Data.SqlServerCe.dll
我无法理解是什么导致了这个错误。 如果需要更多信息,请询问。
编辑
固定码:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim connStr As New SqlCeConnection("Data Source=c:\users\babi\documents\visual studio 2012\Projects\ShopManager\ShopManager\" & "ManagementDB.sdf; Password =")
Dim name, pass, repass As String
name = TextBox1.Text
If (name.Length = 0) Then
MessageBox.Show("Enter user-name!!")
Exit Sub
End If
pass = TextBox2.Text
If (pass.Length = 0) Then
MessageBox.Show("Enter password!!")
Exit Sub
End If
repass = TextBox3.Text
If (repass.Length = 0) Then
MessageBox.Show("Re-enter password!!")
Exit Sub
End If
If (getMD5Hash(pass) = getMD5Hash(repass)) Then
Dim cmd As New SqlCeCommand("INSERT INTO [User](uname, upass) VALUES('" & name & "','" & getMD5Hash(pass) & "');", connStr)
connStr.Open()
cmd.ExecuteNonQuery()
connStr.Close()
MessageBox.Show("User Created!")
Exit Sub
Else
MessageBox.Show("Passwords donot match!!")
Exit Sub
End If
End Sub
的问题的解决方案是由两种解决方案的组合给出! 所以谢谢你们两个:)
问候 Priyabrata
写@Priyabrata我看你已经选择了一个不同的答案,没有问题,但rememeber是字符串连接是通向地狱的道路(SQL注入)。如果我在用户名字段“x”中写入,会发生什么; DELETE FROM [user] - '? (请不要尝试,[看看这个])(http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work) – Steve
我明白了!!谢谢你指出,这是我第一次与DB打交道,所以我不知道这一点。 – Priyabrata